ReportizFlow
Filtered by vendor Hosting Controller
Subscriptions
Filtered by product Hosting Controller
Subscriptions
Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1764 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-3147 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788. | ||||
| CVE-2006-1229 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-0694 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv. | ||||
| CVE-2002-0773 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath. | ||||
| CVE-2002-0775 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter. | ||||
| CVE-2005-0695 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field. | ||||
| CVE-2002-0772 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter. | ||||
| CVE-2002-0774 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed. | ||||
| CVE-2002-0466 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp. | ||||
| CVE-2006-1621 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter. | ||||
| CVE-2002-0465 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter. | ||||
| CVE-2002-0212 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack. | ||||
| CVE-2002-0776 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix. | ||||
| CVE-2005-2219 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action. | ||||
| CVE-2005-2077 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter. | ||||
| CVE-2005-1784 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp. | ||||