Vulnerabilities > Hosting Controller > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-12-20 | CVE-2007-6504 | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter. | 5.5 |
| 2007-12-20 | CVE-2007-6503 | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters. | 5.5 |
| 2007-12-20 | CVE-2007-6502 | Information Exposure vulnerability in Hosting Controller Hosting Controller Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found. | 5.5 |
| 2007-12-20 | CVE-2007-6501 | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp. | 5.5 |
| 2007-12-20 | CVE-2007-6500 | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp. | 4.9 |
| 2007-12-20 | CVE-2007-6499 | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value." | 5.5 |
| 2007-12-20 | CVE-2007-6496 | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller 6.1Hotfix3.3 Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654. | 6.8 |
| 2007-12-20 | CVE-2007-6495 | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller 6.1Hotfix3.3 inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. | 6.5 |
| 2006-12-29 | CVE-2006-6814 | Directory Traversal vulnerability in Hosting Controller Hosting Controller 7C Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter. network hosting-controller | 6.3 |
| 2006-06-22 | CVE-2006-3147 | Privilege Escalation vulnerability in Hosting Controller Addreseller.ASP Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. | 6.5 |