getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.
Max CVSS: 7.5 | EPSS Score: 1.09% | Published: 2002-08-12 | Updated: 2008-09-05
browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter.
Max CVSS: 5.0 | EPSS Score: 1.71% | Published: 2002-08-12 | Updated: 2008-09-05
Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed.
Max CVSS: 10.0 | EPSS Score: 0.70% | Published: 2002-08-12 | Updated: 2008-09-05
imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath.
Max CVSS: 10.0 | EPSS Score: 2.09% | Published: 2002-08-12 | Updated: 2008-09-05
Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter.
Max CVSS: 6.4 | EPSS Score: 2.32% | Published: 2002-08-12 | Updated: 2008-09-05
Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.
Max CVSS: 5.0 | EPSS Score: 0.69% | Published: 2002-08-12 | Updated: 2017-12-19
Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter.
Max CVSS: 10.0 | EPSS Score: 0.85% | Published: 2002-08-12 | Updated: 2017-12-19
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.
Max CVSS: 6.4 | EPSS Score: 1.00% | Published: 2002-08-12 | Updated: 2008-09-05
The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.
Max CVSS: 7.5 | EPSS Score: 0.88% | Published: 2002-05-16 | Updated: 2016-10-18
9 vulnerabilities found