25 matches found
EUVD-2000-0686
Malware in sbrugna...
EUVD-2000-0683
Malware in sbrugna...
EUVD-2000-0805
Malware in sbrugna...
EUVD-2000-0682
Malware in sbrugna...
CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution Vulnerability
No description provided by source. (Source: http://www.securityfocus.com/bid/1645/info) CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system under the UID of the http daemon...
CVE-2000-0811
CVE-2000-0811 affects Auction Weaver 1.0–1.04 (Auction Weaver LITE) and stems from improper validation of directory traversal strings (..), enabling remote attackers to read arbitrary files through the username or bidfile fields. Affected products include CGI Script Center’s Auction Weaver LITE r...
CVE-2000-0811
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. dot dot attack on the username or bidfile form fields...
CVE-2000-0810
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. dot dot attack...
CVE-2000-0810
Auction Weaver (LITE) versions 1.0–1.04 suffer a form-field name validation flaw that allows remote attackers to delete arbitrary files and directories via a dot-dot path traversal. The underlying issue is improper validation of input names, enabling remote exploitation without authentication. Im...
CVE-2000-0810
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. dot dot attack...
CVE-2000-0811
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. dot dot attack on the username or bidfile form fields...
CVE-2000-0687
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack in the catdir parameter...
CVE-2000-0690
Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter...
CVE-2000-0686
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack in the fromfile parameter...
auction.weaver.txt
File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04. Title: File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04; Author: Steve Christey; Date Published: October 16, 2000; Product Name: Auction Weaver...
CVE-2000-0690
Auction Weaver CGI script 1.02 and earlier is affected by a remote command execution vulnerability: an attacker can inject shell metacharacters into the fromfile parameter to execute arbitrary commands. According to the PacketStorm entry, a patch exists (Auction Weaver 1.05). The NVD entry confir...
CVE-2000-0690
Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter...
CVE-2000-0686
Auction Weaver CGI script 1.03 and earlier is affected by a traversal flaw that lets remote attackers read arbitrary files through a .. attack in the fromfile parameter. Affected product: Auction Weaver LITE (1.0–1.04) per historical advisories; impact is remote file disclosure. Patch available: ...
CVE-2000-0687
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack in the catdir parameter...
CVE-2000-0687
CVE-2000-0687 affects Auction Weaver CGI script LITE (1.0–1.04). A directory traversal flaw in the catdir parameter allows remote attackers to read arbitrary files. The vulnerability is remotely exploitable and was reported for UNIX and Windows NT platforms. The issue arises in versions 1.0 throu...