|
284631
|
- |
|
hosting_controller
|
hosting_controller
|
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request…
|
CWE-20
Improper Input Validation
|
CVE-2007-6494
|
2018-10-16 06:54 |
2007-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284632
|
- |
|
hosting_controller
|
hosting_controller
|
inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitra…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6495
|
2018-10-16 06:54 |
2007-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284633
|
- |
|
hosting_controller
|
hosting_controller
|
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when precede…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6496
|
2018-10-16 06:54 |
2007-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284634
|
- |
|
hosting_controller
|
hosting_controller
|
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6497
|
2018-10-16 06:54 |
2007-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284635
|
- |
|
hosting_controller
|
hosting_controller
|
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname paramet…
|
CWE-89
SQL Injection
|
CVE-2007-6498
|
2018-10-16 06:54 |
2007-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284636
|
- |
|
hosting_controller
|
hosting_controller
|
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNI…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6499
|
2018-10-16 06:54 |
2007-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284637
|
- |
|
hosting_controller
|
hosting_controller
|
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
|
NVD-CWE-noinfo
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6500
|
2018-10-16 06:54 |
2007-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284638
|
- |
|
hosting_controller
|
hosting_controller
|
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
|
NVD-CWE-noinfo
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6501
|
2018-10-16 06:54 |
2007-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284639
|
- |
|
hosting_controller
|
hosting_controller
|
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses…
|
CWE-200
Information Exposure
|
CVE-2007-6502
|
2018-10-16 06:54 |
2007-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284640
|
- |
|
hosting_controller
|
hosting_controller
|
Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6503
|
2018-10-16 06:54 |
2007-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
