Search...

CVE-2000-1176

2001-01-09T00:00:00

ID CVE-2000-1176
Type cve
Reporter NVD
Modified 2008-09-05T16:22:50

Description

Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catsearch" form field.

JSON Vulners Source

Initial Source

{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1176", "history": [], "references": ["http://archives.neohapsis.com/archives/bugtraq/2000-11/0110.html", "http://www.securityfocus.com/bid/1921"], "lastseen": "2016-09-03T02:50:41", "bulletinFamily": "NVD", "title": "CVE-2000-1176", "cpe": ["cpe:/a:yabb:yabb:2000-09-11"], "viewCount": 0, "id": "CVE-2000-1176", "hash": "5d3e6338be4f0b497e2a791204dc0a20bbb2eb0fdec3fb9950f185c9bb98ab40", "description": "Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the \"catsearch\" form field.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2000-1176"], "scanner": [], "modified": "2008-09-05T16:22:50", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2001-01-09T00:00:00", "enchantments": {"vulnersScore": 5.0}}

{"result": {"exploitdb": [{"id": "EDB-ID:20387", "type": "exploitdb", "title": "YaBB 9.11.2000 - search.pl Arbitrary Command Execution Vulnerability", "description": "YaBB 9.11.2000 search.pl Arbitrary Command Execution Vulnerability. CVE-2000-1176. Remote exploit for cgi platform", "published": "2000-11-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/20387/", "cvelist": ["CVE-2000-1176"], "lastseen": "2016-02-02T14:08:29"}], "nessus": [{"id": "YABBSE_CMD_EXEC.NASL", "type": "nessus", "title": "YaBB SE < 1.5.2 Multiple Vulnerabilities", "description": "The remote host is using the YaBB SE forum management system. \n\nAccording to its version number, this forum is vulnerable to a code injection bug that could allow an attacker with a valid account to execute arbitrary commands on this host by sending a malformed 'language' parameter in the web request. \n\nIn addition to this flaw, this version is vulnerable to other flaws such as SQL injection and directory traversal.", "published": "2003-05-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=11588", "cvelist": ["CVE-2000-1176"], "lastseen": "2016-11-24T09:25:12"}], "osvdb": [{"id": "OSVDB:7697", "type": "osvdb", "title": "YaBB search.pl Arbitrary File Read", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-11/0110.html\nKeyword: Directory Traversal\nISS X-Force ID: 5501\n[CVE-2000-1176](https://vulners.com/cve/CVE-2000-1176)\nBugtraq ID: 1921\n", "published": "2000-11-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:7697", "cvelist": ["CVE-2000-1176"], "lastseen": "2017-04-28T13:20:02"}]}}