| VID |
28147 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Hosting Controller which is older than version 6.1 Hotfix 3.2 is detected as installed on the host. Hosting Controller is a Web hosting automation tool for Microsoft Windows platforms. Hosting Controller versions prior to 6.1 Hotfix 3.2 are vulnerable to a privilege escalation vulnerability. An authenticated user could exploit this vulnerability to gain host administrative privileges and to view all resellers and change their passwords.
could allow a remote attacker to use PHP scripts to obtain sensitive information, such as the content of arbitrary files and directories on the system.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://hostingcontroller.com/english/logs/hotfixlogv61_3_2.html
http://secunia.com/advisories/20743/
* Platforms Affected:
HostingController.com, Hosting Controller versions prior to 6.1 Hotfix 3.2
Microsoft Windows Any version |
| Recommendation |
Upgrade to the Hosting Controller version 6.1 and apply the latest Hotfix (3.2 or later), available from the Hosting Controller Web site at http://www.hostingcontroller.com |
| Related URL |
(CVE) |
| Related URL |
18565 (SecurityFocus) |
| Related URL |
(ISS) |
|
