Lucene search

[email protected]CVE-2006-5630

HistoryOct 31, 2006 - 10:07 p.m.

CVE-2006-5630

2006-10-3122:07:00

[email protected]

web.nvd.nist.gov

cve-2006-5630

hosting controller 6.1

hotfix 3.3

remote attackers

virtual directories

arbitrary forum

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp.

Affected configurations

NVD

Node

hosting_controllerhosting_controllerRange≤6.1_hotfix_3.2

hosting_controllerhosting_controllerMatch1.1

hosting_controllerhosting_controllerMatch1.3

hosting_controllerhosting_controllerMatch1.4

hosting_controllerhosting_controllerMatch1.4.1

hosting_controllerhosting_controllerMatch1.4b

hosting_controllerhosting_controllerMatch6.1

hosting_controllerhosting_controllerMatch6.1_hotfix_1.4

hosting_controllerhosting_controllerMatch6.1_hotfix_1.7

hosting_controllerhosting_controllerMatch6.1_hotfix_1.9

hosting_controllerhosting_controllerMatch6.1_hotfix_2.0

hosting_controllerhosting_controllerMatch6.1_hotfix_2.1

hosting_controllerhosting_controllerMatch6.1_hotfix_2.2

hosting_controllerhosting_controllerMatch6.1_hotfix_2.3

hosting_controllerhosting_controllerMatch6.1_hotfix_2.4

hosting_controllerhosting_controllerMatch6.1_hotfix_3.1

hosting_controllerhosting_controllerMatch2002

hosting_controllerhosting_controllerMatch2002_rc_1

CPENameOperatorVersion
hosting_controller:hosting_controllerhosting controllerle6.1_hotfix_3.2
hosting_controller:hosting_controllerhosting controllereq1.1
hosting_controller:hosting_controllerhosting controllereq1.3
hosting_controller:hosting_controllerhosting controllereq1.4
hosting_controller:hosting_controllerhosting controllereq1.4.1
hosting_controller:hosting_controllerhosting controllereq1.4b
hosting_controller:hosting_controllerhosting controllereq6.1
hosting_controller:hosting_controllerhosting controllereq6.1_hotfix_1.4
hosting_controller:hosting_controllerhosting controllereq6.1_hotfix_1.7
hosting_controller:hosting_controllerhosting controllereq6.1_hotfix_1.9

CPE	Name	Operator	Version
hosting_controller:hosting_controller	hosting controller	le	6.1_hotfix_3.2
hosting_controller:hosting_controller	hosting controller	eq	1.1
hosting_controller:hosting_controller	hosting controller	eq	1.3
hosting_controller:hosting_controller	hosting controller	eq	1.4
hosting_controller:hosting_controller	hosting controller	eq	1.4.1
hosting_controller:hosting_controller	hosting controller	eq	1.4b
hosting_controller:hosting_controller	hosting controller	eq	6.1
hosting_controller:hosting_controller	hosting controller	eq	6.1_hotfix_1.4
hosting_controller:hosting_controller	hosting controller	eq	6.1_hotfix_1.7
hosting_controller:hosting_controller	hosting controller	eq	6.1_hotfix_1.9

Rows per page:

1-10 of 181

References

secunia.com/advisories/22607

securityreason.com/securityalert/1804

securitytracker.com/id?1017103

www.kapda.ir/advisory-442.html

www.securityfocus.com/archive/1/449937/100/0/threaded

www.vupen.com/english/advisories/2006/4296

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

Related for CVE-2006-5630

cvelist1 nvd1