Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects a network security issue for the vulnerability below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Vulnerability Assessment Details
Hosting Controller < 6.1 Hotfix 2.2 Multiple Vulnerabilities
Checks for multiple vulnerabilities in Hosting Controller < 6.1 Hotfix 2.2.

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains an ASP application with multiple flaws.

Description :

According to its version number, the version of Hosting Controller on the remote host is subject to multiple flaws :

- Denial of Service Vulnerabilities

  By accessing the 'editplanopt3.asp', 'planmanager.asp', and 'plansettings.asp' scripts directly or with specific parameters, an attacker can cause the 'inetinfo.exe' process to consume a large amount of CPU resources.

- Multiple SQL Injection Vulnerabilities

  An authenticated attacker can affect SQL queries by manipulating input to the 'searchtext' parameter of the 'IISManagerDB.asp' and 'AccountManager.asp' scripts and the 'ListReason' parameter of the 'listreason.asp' script.

- Access Rights Vulnerabilities

  Several scripts fail to restrict access to privileged users, which permits non-privileged users to add accounts with elevated rights and make changes to various plan settings. Another failure permits users to gain elevated rights by first accessing the 'dsp_newreseller.asp' script before returning to the application's homepage.

See also :

http://hostingcontroller.com/english/logs/hotfixlogv61_2_2.html

Solution :

Upgrade to version 6.1 if necessary and apply Hotfix 2.2.

Network Security Threat Level:

Low / CVSS Base Score : 3 (AV:R/AC:L/Au:R/C:P/A:N/I:P/B:N)

Networks Security ID: 14258, 14283

Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2006 Tenable Network Security