Lucene search

K

WebCom datakommunikation Guestbook 0.1 - 'wguest.exe' Arbitrary File Access

๐Ÿ—“๏ธย 09 Apr 1999ย 00:00:00Reported byย MnemonixTypeย 
exploitdb
ย exploitdb
๐Ÿ”—ย www.exploit-db.com๐Ÿ‘ย 25ย Views

Show more
Related
Code
ReporterTitlePublishedViews
Family
Exploit DB
WebCom datakommunikation Guestbook 0.1 - 'rguest.exe' Arbitrary File Access
9 Apr 199900:00
โ€“exploitdb
CVE
CVE-1999-0467
4 Feb 200005:00
โ€“cve
CVE
CVE-1999-0287
4 Feb 200005:00
โ€“cve
NVD
CVE-1999-0467
1 Apr 199905:00
โ€“nvd
NVD
CVE-1999-0287
9 Apr 199904:00
โ€“nvd
Cvelist
CVE-1999-0467
4 Feb 200005:00
โ€“cvelist
Cvelist
CVE-1999-0287
4 Feb 200005:00
โ€“cvelist
source: https://www.securityfocus.com/bid/2024/info

The freeware guestbook package from freeware.webcom.se provides a web-based guestbook feature, using CGI. Some versions of this guestbook (undetermined at the time of writing) are vulnerable to an attack allowing an intruder to retrieve the contents of arbitrary files to which the web server has access. This can be accomplished by specifying the path and filename as the parameter "template" to either rguest.exe or wguest.exe - see Exploit for example. These two programs typically reside in /cgi-bin. 

A request for http://server/cgi-bin/wguest.exe?template=c:\boot.ini will return the remote Web server's boot.ini

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
09 Apr 1999 00:00Current
7.4High risk
Vulners AI Score7.4
25
.json
Report