header-logo
Suggest Exploit
vendor:
Hosting Controller
by:
SecurityFocus
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: Hosting Controller
Affected Version From: 6.1 Hotfix 1.7
Affected Version To: 6.1 Hotfix 1.7
Patch Exists: YES
Related CWE: N/A
CPE: //a:hosting_controller:hosting_controller:6.1_hotfix_1.7
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Hosting Controller Information Disclosure Vulnerabilities

Hosting Controller is reported prone to multiple information disclosure vulnerabilities. These issues can allow an attacker to disclose sensitive information, which may be used to carry out further attacks against a computer. An attacker can access a sensitive file to enumerate domain names of all hosted domains. Another issue affecting the application may allow remote users to disclose an administrator's email address.

Mitigation:

Ensure that all sensitive information is properly protected and access to it is restricted to authorized personnel only.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12748/info

Hosting Controller is reported prone to multiple information disclosure vulnerabilities. These issues can allow an attacker to disclose sensitive information, which may be used to carry out further attacks against a computer.

An attacker can access a sensitive file to enumerate domain names of all hosted domains.

Another issue affecting the application may allow remote users to disclose an administrator's email address.

These issues are reported to affect Hosting Controller 6.1 Hotfix 1.7. Other versions are likely to be affected as well.

http://www.example.com/admin/logs/HCDiskQuotaService.csv

Navigation

Suggest Exploit

Services By CQR

cqrsecured