Info

Disclosure

Apr 07, 2006

Discovery

Unknown

Dates

Exploit

Apr 07, 2006

Solution

Unknown

Description

Hosting Controller contains a flaw that may lead to an unauthorized information disclosure. The issue is caused due to user credentials being stored in the "forum/db/forum.mdb" database file inside the web root, which will disclose the administrator's username and password, resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Public
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Hosting Controller

6.1

References

Secunia Advisory ID: 19569
CVE ID: 2006-1764 (see also: NVD)
VUPEN Advisory: ADV-2006-1268
Vendor URL: http://hostingcontroller.com/

Credit

Syst3m_f4ult - Crouz Security Team

Direct URL: http://osvdb.org/24447