Lucene search

[email protected]CVE-2006-1764

HistoryApr 13, 2006 - 1:06 a.m.

CVE-2006-1764

2006-04-1301:06:00

[email protected]

web.nvd.nist.gov

cve-2006-1764

hosting controller

web security

access control

sensitive information disclosure

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.1%

JSON

Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Affected configurations

NVD

Node

hosting_controllerhosting_controllerRange≤6.1_hotfix_2.9

hosting_controllerhosting_controllerMatch1.1

hosting_controllerhosting_controllerMatch1.3

hosting_controllerhosting_controllerMatch1.4

hosting_controllerhosting_controllerMatch1.4.1

hosting_controllerhosting_controllerMatch1.4b

hosting_controllerhosting_controllerMatch6.1

hosting_controllerhosting_controllerMatch6.1_hotfix_1.4

hosting_controllerhosting_controllerMatch6.1_hotfix_1.7

hosting_controllerhosting_controllerMatch6.1_hotfix_1.9

hosting_controllerhosting_controllerMatch6.1_hotfix_2.0

hosting_controllerhosting_controllerMatch6.1_hotfix_2.1

hosting_controllerhosting_controllerMatch6.1_hotfix_2.3

hosting_controllerhosting_controllerMatch6.1_hotfix_2.8

hosting_controllerhosting_controllerMatch2002

hosting_controllerhosting_controllerMatch2002_rc_1

CPENameOperatorVersion
hosting_controller:hosting_controllerhosting controllerle6.1_hotfix_2.9
hosting_controller:hosting_controllerhosting controllereq1.1
hosting_controller:hosting_controllerhosting controllereq1.3
hosting_controller:hosting_controllerhosting controllereq1.4
hosting_controller:hosting_controllerhosting controllereq1.4.1
hosting_controller:hosting_controllerhosting controllereq1.4b
hosting_controller:hosting_controllerhosting controllereq6.1
hosting_controller:hosting_controllerhosting controllereq6.1_hotfix_1.4
hosting_controller:hosting_controllerhosting controllereq6.1_hotfix_1.7
hosting_controller:hosting_controllerhosting controllereq6.1_hotfix_1.9

CPE	Name	Operator	Version
hosting_controller:hosting_controller	hosting controller	le	6.1_hotfix_2.9
hosting_controller:hosting_controller	hosting controller	eq	1.1
hosting_controller:hosting_controller	hosting controller	eq	1.3
hosting_controller:hosting_controller	hosting controller	eq	1.4
hosting_controller:hosting_controller	hosting controller	eq	1.4.1
hosting_controller:hosting_controller	hosting controller	eq	1.4b
hosting_controller:hosting_controller	hosting controller	eq	6.1
hosting_controller:hosting_controller	hosting controller	eq	6.1_hotfix_1.4
hosting_controller:hosting_controller	hosting controller	eq	6.1_hotfix_1.7
hosting_controller:hosting_controller	hosting controller	eq	6.1_hotfix_1.9

Rows per page:

1-10 of 161

References

secunia.com/advisories/19569

www.osvdb.org/24447

www.vupen.com/english/advisories/2006/1268

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.1%

JSON

Related for CVE-2006-1764

cvelist1 nvd1 prion1