Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2007-6494
Last Modified 15 Nov 2008 02:04:49
Published 20 Dec 2007 03:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6494

Summary

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.

Vulnerable Systems

Application

  • Hosting Controller 6.1 Hotfix 3.3


References

XF - hostingcontroller-multiple-security-bypass(39038)

BID - 26862

BUGTRAQ - 20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)

MILW0RM - 4730

OSVDB - 44186

SECTRACK - 1019222

SREASON - 3474


Last Updated: 27 May 2016 10:46:31