ID CVE-2000-1176 Type cve Reporter NVD Modified 2008-09-05T16:22:50
Description
Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catsearch" form field.
{"result": {"exploitdb": [{"id": "EDB-ID:20387", "type": "exploitdb", "title": "YaBB 9.11.2000 - search.pl Arbitrary Command Execution Vulnerability", "description": "YaBB 9.11.2000 search.pl Arbitrary Command Execution Vulnerability. CVE-2000-1176. Remote exploit for cgi platform", "published": "2000-11-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/20387/", "cvelist": ["CVE-2000-1176"], "lastseen": "2016-02-02T14:08:29"}], "nessus": [{"id": "YABBSE_CMD_EXEC.NASL", "type": "nessus", "title": "YaBB SE < 1.5.2 Multiple Vulnerabilities", "description": "The remote host is using the YaBB SE forum management system. \n\nAccording to its version number, this forum is vulnerable to a code injection bug that could allow an attacker with a valid account to execute arbitrary commands on this host by sending a malformed 'language' parameter in the web request. \n\nIn addition to this flaw, this version is vulnerable to other flaws such as SQL injection and directory traversal.", "published": "2003-05-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=11588", "cvelist": ["CVE-2000-1176"], "lastseen": "2016-11-24T09:25:12"}], "osvdb": [{"id": "OSVDB:7697", "type": "osvdb", "title": "YaBB search.pl Arbitrary File Read", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-11/0110.html\nKeyword: Directory Traversal\nISS X-Force ID: 5501\n[CVE-2000-1176](https://vulners.com/cve/CVE-2000-1176)\nBugtraq ID: 1921\n", "published": "2000-11-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:7697", "cvelist": ["CVE-2000-1176"], "lastseen": "2017-04-28T13:20:02"}]}}