Vulnerabilities
Vulnerable Software
imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath.
CVSS Score
10.0
EPSS Score
0.01
Published
2002-08-12
Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed.
CVSS Score
10.0
EPSS Score
0.013
Published
2002-08-12
browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter.
CVSS Score
5.0
EPSS Score
0.006
Published
2002-08-12
The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.
CVSS Score
7.5
EPSS Score
0.007
Published
2002-05-16


Contact Us

Shodan ® - All rights reserved