Vulnerabilities > Hosting Controller > High

DATE CVE VULNERABILITY TITLE RISK

2007-12-20 CVE-2007-6498 SQL Injection vulnerability in Hosting Controller Hosting Controller 6.1Hotfix3.3
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.
network, low complexity, hosting-controller CWE-89, 7.5

2007-12-20 CVE-2007-6497 Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.
network, low complexity, hosting-controller CWE-264, 7.5

2006-10-31 CVE-2006-5630 Remote Security vulnerability in Hosting Controller
Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp.
network, low complexity, hosting-controller, 7.5

2006-10-31 CVE-2006-5629 SQL Injection vulnerability in Hosting Controller Hosting Controller
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp.
network, low complexity, hosting-controller CWE-89, 7.5

2006-04-13 CVE-2006-1764 Information Disclosure vulnerability in Hosting Controller
Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials.
network, low complexity, hosting-controller, 7.8

2006-03-14 CVE-2006-1229 SQL-Injection vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.9
SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter.
network, low complexity, hosting-controller, 7.5

2005-06-01 CVE-2005-1788 Unspecified vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.0
SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter.
network, low complexity, hosting-controller, 7.5

2005-05-27 CVE-2005-1784 Remote Security vulnerability in Hosting Controller 6.1.0 Hotfix 3.2
Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.
network, low complexity, hosting-controller, 7.5

2002-08-12 CVE-2002-0776 Unspecified vulnerability in Hosting Controller Hosting Controller 2002
getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.
network, low complexity, hosting-controller, 7.5

2002-05-16 CVE-2002-0212 Information Disclosure vulnerability in Hosting Controller
The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.
network, low complexity, hosting-controller, 7.5