source: http://www.securityfocus.com/bid/7896/info

Sphera HostingDirector VDS Control Panel has been reported prone to a vulnerability where an attacker may make arbitrary account configuration modifications.

It has been reported that an attacker may connect to the HostingDirector server and spoof HTTP referrer data to bypass HostingDirector authentication systems. It is then possible to make arbitrary modifications to other HostingDirector account configurations.

http://www.example.com/[INSTALLATION PATH]/dev/VDS/submitted.php?[TARGET USER]\activeservices\http||watchdog_running=[false]&restart_vds=on&success_msg=Remote USER VDS restarted trough this kind of attack/watch dog disabled.
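
The Referer header is supplied by the client, so it cannot prove that a request comes from a logged-in user. The following added example (not Sphera's code and not part of the original advisory) models a referrer-only check beside a hardened check that authenticates a server-issued session and authorizes only the account owner. The request model, account names and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

PANEL_ORIGIN = "http://www.example.com/"  # placeholder host used in the advisory
SERVER_KEY = secrets.token_bytes(32)      # server-side secret, never sent to clients


def _tag(account: str) -> str:
    return hmac.new(SERVER_KEY, account.encode(), hashlib.sha256).hexdigest()


def referer_only_check(request: dict) -> bool:
    """Weak model: treats a client-controlled header as proof of login."""
    return request.get("referer", "").startswith(PANEL_ORIGIN)


def issue_session(account: str) -> str:
    """Issued only after a real login (expiry omitted to keep the model short)."""
    return f"{account}:{_tag(account)}"


def session_account(token: str):
    """Return the account a session token authenticates, or None if forged."""
    account, sep, tag = token.rpartition(":")
    if not sep or not account:
        return None
    ok = hmac.compare_digest(tag.encode(), _tag(account).encode())
    return account if ok else None


def hardened_check(request: dict, target_account: str) -> bool:
    """Authenticate the session, then authorize: only the owner may edit."""
    account = session_account(request.get("session", ""))
    return account is not None and account == target_account


# Constructed requests: a forged Referer with no session, and a logged-in owner.
forged = {"referer": PANEL_ORIGIN}
owner = {"referer": PANEL_ORIGIN, "session": issue_session("alice")}

if __name__ == "__main__":
    print("referer-only, forged request:", referer_only_check(forged))
    print("hardened, forged request:    ", hardened_check(forged, "alice"))
    print("hardened, owner, own account:", hardened_check(owner, "alice"))
    print("hardened, owner, other acct: ", hardened_check(owner, "bob"))
```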