Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0684

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0684
Last Modified 07 Mar 2011 09:30:36
Published 14 Feb 2006 07:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0684

Summary

change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.

Vulnerable Systems

Application

  • Virtual Hosting Control System 2.4.7.1


References

SECUNIA - 18799

VUPEN - ADV-2006-0534

BID - 16600

BUGTRAQ - 20060211 RS-2006-1: Multiple flaws in VHCS 2.x

MISC - http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt

XF - vhcs-change-password-weakness(24665)


Last Updated: 27 May 2016 10:41:46