Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv.Referenceshttp://marc.info/?l=bugtraq&m=111026083314947&w=2http://isun.shabgard.org/hc2.txthttp://secunia.com/advisories/14522
