Hosting Controller 1.x/6.1 - Multiple Information Disclosure Vulnerabilities

EDB-ID:

25194

CVE:

N/A




Platform:

Windows

Date:

2005-03-07


source: https://www.securityfocus.com/bid/12748/info

Hosting Controller is reported prone to multiple information disclosure vulnerabilities. These issues can allow an attacker to disclose sensitive information, which may be used to carry out further attacks against a computer.

An attacker can access a sensitive file to enumerate domain names of all hosted domains.

Another issue affecting the application may allow remote users to disclose an administrator's email address.

These issues are reported to affect Hosting Controller 6.1 Hotfix 1.7. Other versions are likely to be affected as well.

http://www.example.com/admin/logs/HCDiskQuotaService.csv