VYPR
Vendor

Hosting Controller

Products
1
CVEs
39
Across products
39
Status
Private

Products

1

Recent CVEs

39
View all 39 CVEs →
  • CVE-2019-12323Jun 24, 2019
    risk 0.04cvss epss 0.09

    The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS.

  • CVE-2007-6494Dec 20, 2007
    risk 0.04cvss epss 0.12

    Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.

  • CVE-2002-0772Aug 12, 2002
    risk 0.04cvss epss 0.09

    Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter.

  • CVE-2002-0775Aug 12, 2002
    risk 0.04cvss epss 0.08

    browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter.

  • CVE-2007-6498Dec 20, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to…

  • CVE-2007-6496Dec 20, 2007
    risk 0.03cvss epss 0.03

    Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a…

  • CVE-2007-6501Dec 20, 2007
    risk 0.03cvss epss 0.02

    Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.

  • CVE-2007-6495Dec 20, 2007
    risk 0.03cvss epss 0.04

    inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser…

  • CVE-2007-6504Dec 20, 2007
    risk 0.03cvss epss 0.02

    Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.

  • CVE-2007-6497Dec 20, 2007
    risk 0.03cvss epss 0.03

    Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a…

  • CVE-2007-6502Dec 20, 2007
    risk 0.03cvss epss 0.03

    Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using…

  • CVE-2007-6499Dec 20, 2007
    risk 0.03cvss epss 0.03

    Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."

  • CVE-2007-6500Dec 20, 2007
    risk 0.03cvss epss 0.04

    Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.

  • CVE-2007-6503Dec 20, 2007
    risk 0.03cvss epss 0.02

    Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp…

  • CVE-2006-6814Dec 29, 2006
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter.

  • CVE-2006-5629Oct 31, 2006
    risk 0.03cvss epss 0.03

    Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present…

  • CVE-2006-3147Jun 22, 2006
    risk 0.03cvss epss 0.03

    Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear…

  • CVE-2005-2219Jul 12, 2005
    risk 0.03cvss epss 0.02

    Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.

  • CVE-2005-2077Jun 29, 2005
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter.

  • CVE-2005-1788Jun 1, 2005
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter.