CVE-2005-0695 - Climacteric Boil
Description
The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner’s e-mail address by providing a portion of the domain name to the \login ID\ field.
Reference
http://isun.shabgard.org/hc2.txt http://secunia.com/advisories/14522 http://marc.info/?l=bugtraq&m=111026083314947&w=2