Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities by virtual_hosting_control_system
CVE-2007-3988 (GCVE-0-2007-3988)
Vulnerability from nvd – Published: 2007-07-25 18:00 – Updated: 2024-08-07 14:37
VLAI
EPSS
VEX
Summary
Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/25006 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/2926 | third-party-advisoryx_refsource_SREASON |
| http://www.majorsecurity.de/index_2.php?major_rls… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/474324/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/26142 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:05.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25006"
},
{
"name": "vhcs-phpsessid-session-hijacking(35548)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35548"
},
{
"name": "2926",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2926"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls51"
},
{
"name": "20070721 [MajorSecurity Advisory #51]Virtual Hosting Control System - Session fixation Issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474324/100/0/threaded"
},
{
"name": "26142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25006"
},
{
"name": "vhcs-phpsessid-session-hijacking(35548)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35548"
},
{
"name": "2926",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2926"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls51"
},
{
"name": "20070721 [MajorSecurity Advisory #51]Virtual Hosting Control System - Session fixation Issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474324/100/0/threaded"
},
{
"name": "26142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25006"
},
{
"name": "vhcs-phpsessid-session-hijacking(35548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35548"
},
{
"name": "2926",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2926"
},
{
"name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls51",
"refsource": "MISC",
"url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls51"
},
{
"name": "20070721 [MajorSecurity Advisory #51]Virtual Hosting Control System - Session fixation Issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474324/100/0/threaded"
},
{
"name": "26142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3988",
"datePublished": "2007-07-25T18:00:00.000Z",
"dateReserved": "2007-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:05.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2174 (GCVE-0-2006-2174)
Vulnerability from nvd – Published: 2006-05-04 10:00 – Updated: 2024-08-07 17:43
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/19940 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/432711 | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2006/1634 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.aria-security.net/hm/vhcs.txt | x_refsource_MISC |
| http://securityreason.com/securityalert/832 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/17790 | vdb-entryx_refsource_BID |
Date Public
2006-05-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:27.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19940"
},
{
"name": "20060502 VHCS --- Virtual Hosting Control System Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/432711"
},
{
"name": "ADV-2006-1634",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1634"
},
{
"name": "vhcs-serverdaystats-xss(26209)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26209"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.aria-security.net/hm/vhcs.txt"
},
{
"name": "832",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/832"
},
{
"name": "17790",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17790"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19940"
},
{
"name": "20060502 VHCS --- Virtual Hosting Control System Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/432711"
},
{
"name": "ADV-2006-1634",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1634"
},
{
"name": "vhcs-serverdaystats-xss(26209)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26209"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.aria-security.net/hm/vhcs.txt"
},
{
"name": "832",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/832"
},
{
"name": "17790",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17790"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19940",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19940"
},
{
"name": "20060502 VHCS --- Virtual Hosting Control System Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432711"
},
{
"name": "ADV-2006-1634",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1634"
},
{
"name": "vhcs-serverdaystats-xss(26209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26209"
},
{
"name": "http://www.aria-security.net/hm/vhcs.txt",
"refsource": "MISC",
"url": "http://www.aria-security.net/hm/vhcs.txt"
},
{
"name": "832",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/832"
},
{
"name": "17790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17790"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2174",
"datePublished": "2006-05-04T10:00:00.000Z",
"dateReserved": "2006-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:27.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0683 (GCVE-0-2006-0683)
Vulnerability from nvd – Published: 2006-02-15 00:00 – Updated: 2024-08-07 16:41
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/18799 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/424816/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/16600 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/0534 | vdb-entryx_refsource_VUPEN |
Date Public
2006-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vhcs-admin-xss(24664)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24664"
},
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vhcs-admin-xss(24664)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24664"
},
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vhcs-admin-xss(24664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24664"
},
{
"name": "18799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"name": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt",
"refsource": "MISC",
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0683",
"datePublished": "2006-02-15T00:00:00.000Z",
"dateReserved": "2006-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:29.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0685 (GCVE-0-2006-0685)
Vulnerability from nvd – Published: 2006-02-15 00:00 – Updated: 2024-08-07 16:41
VLAI
EPSS
VEX
Summary
The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/18799 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/424816/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/16600 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/0534 | vdb-entryx_refsource_VUPEN |
Date Public
2006-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "vhcs-checklogin-auth-bypass(24666)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24666"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "vhcs-checklogin-auth-bypass(24666)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24666"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"name": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt",
"refsource": "MISC",
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "vhcs-checklogin-auth-bypass(24666)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24666"
},
{
"name": "ADV-2006-0534",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0685",
"datePublished": "2006-02-15T00:00:00.000Z",
"dateReserved": "2006-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:29.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0686 (GCVE-0-2006-0686)
Vulnerability from nvd – Published: 2006-02-15 00:00 – Updated: 2024-08-07 16:41
VLAI
EPSS
VEX
Summary
add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/430 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/18799 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/424816/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/16600 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/0534 | vdb-entryx_refsource_VUPEN |
Date Public
2006-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "430",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/430"
},
{
"name": "vhcs-adduser-privilege-escalation(24667)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24667"
},
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "430",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/430"
},
{
"name": "vhcs-adduser-privilege-escalation(24667)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24667"
},
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "430",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/430"
},
{
"name": "vhcs-adduser-privilege-escalation(24667)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24667"
},
{
"name": "18799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"name": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt",
"refsource": "MISC",
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0686",
"datePublished": "2006-02-15T00:00:00.000Z",
"dateReserved": "2006-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:29.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0684 (GCVE-0-2006-0684)
Vulnerability from nvd – Published: 2006-02-15 00:00 – Updated: 2024-08-07 16:41
VLAI
EPSS
VEX
Summary
change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/18799 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/424816/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/16600 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/0534 | vdb-entryx_refsource_VUPEN |
Date Public
2006-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vhcs-change-password-weakness(24665)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24665"
},
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vhcs-change-password-weakness(24665)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24665"
},
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vhcs-change-password-weakness(24665)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24665"
},
{
"name": "18799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"name": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt",
"refsource": "MISC",
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0684",
"datePublished": "2006-02-15T00:00:00.000Z",
"dateReserved": "2006-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:29.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3902 (GCVE-0-2005-3902)
Vulnerability from nvd – Published: 2005-11-29 23:00 – Updated: 2024-08-07 23:24
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15538 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/202 | third-party-advisoryx_refsource_SREASON |
| http://marc.info/?l=bugtraq&m=113269811630139&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt | x_refsource_MISC |
| http://www.osvdb.org/21060 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/17704/ | third-party-advisoryx_refsource_SECUNIA |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
Date Public
2005-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15538",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15538"
},
{
"name": "202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/202"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113269811630139\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt"
},
{
"name": "21060",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21060"
},
{
"name": "vhcs-http-error-xss(23209)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23209"
},
{
"name": "17704",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17704/"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15538",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15538"
},
{
"name": "202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/202"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113269811630139\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt"
},
{
"name": "21060",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21060"
},
{
"name": "vhcs-http-error-xss(23209)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23209"
},
{
"name": "17704",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17704/"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15538"
},
{
"name": "202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/202"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113269811630139\u0026w=2"
},
{
"name": "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt"
},
{
"name": "21060",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21060"
},
{
"name": "vhcs-http-error-xss(23209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23209"
},
{
"name": "17704",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17704/"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3902",
"datePublished": "2005-11-29T23:00:00.000Z",
"dateReserved": "2005-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:24:36.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1128 (GCVE-0-2005-1128)
Vulnerability from nvd – Published: 2005-04-16 04:00 – Updated: 2024-09-17 00:10
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1013703 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/15541 | vdb-entryx_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1013703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013703"
},
{
"name": "15541",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15541"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-04-16T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1013703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013703"
},
{
"name": "15541",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15541"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013703"
},
{
"name": "15541",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15541"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1128",
"datePublished": "2005-04-16T04:00:00.000Z",
"dateReserved": "2005-04-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:10:46.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3988 (GCVE-0-2007-3988)
Vulnerability from cvelistv5 – Published: 2007-07-25 18:00 – Updated: 2024-08-07 14:37
VLAI
EPSS
VEX
Summary
Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/25006 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/2926 | third-party-advisoryx_refsource_SREASON |
| http://www.majorsecurity.de/index_2.php?major_rls… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/474324/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/26142 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:05.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25006"
},
{
"name": "vhcs-phpsessid-session-hijacking(35548)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35548"
},
{
"name": "2926",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2926"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls51"
},
{
"name": "20070721 [MajorSecurity Advisory #51]Virtual Hosting Control System - Session fixation Issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474324/100/0/threaded"
},
{
"name": "26142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25006"
},
{
"name": "vhcs-phpsessid-session-hijacking(35548)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35548"
},
{
"name": "2926",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2926"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls51"
},
{
"name": "20070721 [MajorSecurity Advisory #51]Virtual Hosting Control System - Session fixation Issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474324/100/0/threaded"
},
{
"name": "26142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25006"
},
{
"name": "vhcs-phpsessid-session-hijacking(35548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35548"
},
{
"name": "2926",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2926"
},
{
"name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls51",
"refsource": "MISC",
"url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls51"
},
{
"name": "20070721 [MajorSecurity Advisory #51]Virtual Hosting Control System - Session fixation Issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474324/100/0/threaded"
},
{
"name": "26142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3988",
"datePublished": "2007-07-25T18:00:00.000Z",
"dateReserved": "2007-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:05.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2174 (GCVE-0-2006-2174)
Vulnerability from cvelistv5 – Published: 2006-05-04 10:00 – Updated: 2024-08-07 17:43
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/19940 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/432711 | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2006/1634 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.aria-security.net/hm/vhcs.txt | x_refsource_MISC |
| http://securityreason.com/securityalert/832 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/17790 | vdb-entryx_refsource_BID |
Date Public
2006-05-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:27.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19940"
},
{
"name": "20060502 VHCS --- Virtual Hosting Control System Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/432711"
},
{
"name": "ADV-2006-1634",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1634"
},
{
"name": "vhcs-serverdaystats-xss(26209)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26209"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.aria-security.net/hm/vhcs.txt"
},
{
"name": "832",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/832"
},
{
"name": "17790",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17790"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19940"
},
{
"name": "20060502 VHCS --- Virtual Hosting Control System Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/432711"
},
{
"name": "ADV-2006-1634",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1634"
},
{
"name": "vhcs-serverdaystats-xss(26209)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26209"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.aria-security.net/hm/vhcs.txt"
},
{
"name": "832",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/832"
},
{
"name": "17790",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17790"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19940",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19940"
},
{
"name": "20060502 VHCS --- Virtual Hosting Control System Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432711"
},
{
"name": "ADV-2006-1634",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1634"
},
{
"name": "vhcs-serverdaystats-xss(26209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26209"
},
{
"name": "http://www.aria-security.net/hm/vhcs.txt",
"refsource": "MISC",
"url": "http://www.aria-security.net/hm/vhcs.txt"
},
{
"name": "832",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/832"
},
{
"name": "17790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17790"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2174",
"datePublished": "2006-05-04T10:00:00.000Z",
"dateReserved": "2006-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:27.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0683 (GCVE-0-2006-0683)
Vulnerability from cvelistv5 – Published: 2006-02-15 00:00 – Updated: 2024-08-07 16:41
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/18799 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/424816/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/16600 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/0534 | vdb-entryx_refsource_VUPEN |
Date Public
2006-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vhcs-admin-xss(24664)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24664"
},
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vhcs-admin-xss(24664)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24664"
},
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vhcs-admin-xss(24664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24664"
},
{
"name": "18799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"name": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt",
"refsource": "MISC",
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0683",
"datePublished": "2006-02-15T00:00:00.000Z",
"dateReserved": "2006-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:29.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0685 (GCVE-0-2006-0685)
Vulnerability from cvelistv5 – Published: 2006-02-15 00:00 – Updated: 2024-08-07 16:41
VLAI
EPSS
VEX
Summary
The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/18799 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/424816/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/16600 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/0534 | vdb-entryx_refsource_VUPEN |
Date Public
2006-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "vhcs-checklogin-auth-bypass(24666)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24666"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "vhcs-checklogin-auth-bypass(24666)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24666"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"name": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt",
"refsource": "MISC",
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "vhcs-checklogin-auth-bypass(24666)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24666"
},
{
"name": "ADV-2006-0534",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0685",
"datePublished": "2006-02-15T00:00:00.000Z",
"dateReserved": "2006-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:29.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0686 (GCVE-0-2006-0686)
Vulnerability from cvelistv5 – Published: 2006-02-15 00:00 – Updated: 2024-08-07 16:41
VLAI
EPSS
VEX
Summary
add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/430 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/18799 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/424816/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/16600 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/0534 | vdb-entryx_refsource_VUPEN |
Date Public
2006-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "430",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/430"
},
{
"name": "vhcs-adduser-privilege-escalation(24667)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24667"
},
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "430",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/430"
},
{
"name": "vhcs-adduser-privilege-escalation(24667)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24667"
},
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "430",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/430"
},
{
"name": "vhcs-adduser-privilege-escalation(24667)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24667"
},
{
"name": "18799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"name": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt",
"refsource": "MISC",
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0686",
"datePublished": "2006-02-15T00:00:00.000Z",
"dateReserved": "2006-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:29.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0684 (GCVE-0-2006-0684)
Vulnerability from cvelistv5 – Published: 2006-02-15 00:00 – Updated: 2024-08-07 16:41
VLAI
EPSS
VEX
Summary
change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/18799 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/424816/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/16600 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/0534 | vdb-entryx_refsource_VUPEN |
Date Public
2006-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vhcs-change-password-weakness(24665)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24665"
},
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vhcs-change-password-weakness(24665)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24665"
},
{
"name": "18799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vhcs-change-password-weakness(24665)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24665"
},
{
"name": "18799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18799"
},
{
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"name": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt",
"refsource": "MISC",
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0684",
"datePublished": "2006-02-15T00:00:00.000Z",
"dateReserved": "2006-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:29.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3902 (GCVE-0-2005-3902)
Vulnerability from cvelistv5 – Published: 2005-11-29 23:00 – Updated: 2024-08-07 23:24
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15538 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/202 | third-party-advisoryx_refsource_SREASON |
| http://marc.info/?l=bugtraq&m=113269811630139&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt | x_refsource_MISC |
| http://www.osvdb.org/21060 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/17704/ | third-party-advisoryx_refsource_SECUNIA |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
Date Public
2005-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15538",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15538"
},
{
"name": "202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/202"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113269811630139\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt"
},
{
"name": "21060",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21060"
},
{
"name": "vhcs-http-error-xss(23209)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23209"
},
{
"name": "17704",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17704/"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15538",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15538"
},
{
"name": "202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/202"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113269811630139\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt"
},
{
"name": "21060",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21060"
},
{
"name": "vhcs-http-error-xss(23209)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23209"
},
{
"name": "17704",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17704/"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15538"
},
{
"name": "202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/202"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113269811630139\u0026w=2"
},
{
"name": "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt"
},
{
"name": "21060",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21060"
},
{
"name": "vhcs-http-error-xss(23209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23209"
},
{
"name": "17704",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17704/"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3902",
"datePublished": "2005-11-29T23:00:00.000Z",
"dateReserved": "2005-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:24:36.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1128 (GCVE-0-2005-1128)
Vulnerability from cvelistv5 – Published: 2005-04-16 04:00 – Updated: 2024-09-17 00:10
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1013703 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/15541 | vdb-entryx_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1013703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013703"
},
{
"name": "15541",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15541"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-04-16T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1013703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013703"
},
{
"name": "15541",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15541"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013703"
},
{
"name": "15541",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15541"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1128",
"datePublished": "2005-04-16T04:00:00.000Z",
"dateReserved": "2005-04-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:10:46.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}