• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-264

CVE-2007-6495

February 26, 2023 by

inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of Forumdb, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to Forumdb.

CVE-2007-6496

February 26, 2023 by

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.

CVE-2007-6497

February 26, 2023 by

Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.

CVE-2007-6499

February 26, 2023 by

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a “host id (IIS) value.”

CVE-2007-6500

February 26, 2023 by

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete “gateway information” via a request to OpenApi/GatewayVariables.asp.

CVE-2007-6501

February 26, 2023 by

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable “pay type” via a request to adminsettings/choosetranstype.asp.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 94
  • Go to page 95
  • Go to page 96
  • Go to page 97
  • Go to page 98
  • Interim pages omitted …
  • Go to page 136
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE