Lucene search
+L

318 matches found

Cvelist
Cvelist
added 2001/01/22 5:0 a.m.27 views

CVE-2000-0811

Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. dot dot attack on the username or bidfile form fields...

6.7AI score0.01562EPSS
Exploits1References3
Cvelist
Cvelist
added 2001/01/22 5:0 a.m.23 views

CVE-2000-0810

Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. dot dot attack...

6.8AI score0.01612EPSS
Exploits1References3
NVD
NVD
added 2000/12/19 5:0 a.m.14 views

CVE-2000-0811

Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. dot dot attack on the username or bidfile form fields...

5CVSS6.7AI score0.01562EPSS
Exploits1References3
NVD
NVD
added 2000/12/19 5:0 a.m.16 views

CVE-2000-0810

Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. dot dot attack...

7.5CVSS6.8AI score0.01612EPSS
Exploits1References3
NVD
NVD
added 2000/10/20 4:0 a.m.18 views

CVE-2000-0687

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack in the catdir parameter...

10CVSS6.6AI score0.02514EPSS
Exploits2References2
NVD
NVD
added 2000/10/20 4:0 a.m.12 views

CVE-2000-0690

Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter...

10CVSS7.7AI score0.1051EPSS
Exploits2References2
NVD
NVD
added 2000/10/20 4:0 a.m.15 views

CVE-2000-0686

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack in the fromfile parameter...

5CVSS6.6AI score0.01448EPSS
Exploits2References2
Packet Storm
Packet Storm
added 2000/10/19 12:0 a.m.49 views

auction.weaver.txt

File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 -------------------------------------------------------------- Title: File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 Author: Steve Christey [email protected] Date Published: October 16, 2000 Product Name: Auction Weaver...

10CVSS6.6AI score0.1051EPSS
Exploits4
CVE
CVE
added 2000/09/21 4:0 a.m.49 views

CVE-2000-0690

Auction Weaver CGI script 1.02 and earlier is affected by a remote command execution vulnerability: an attacker can inject shell metacharacters into the fromfile parameter to execute arbitrary commands. According to the PacketStorm entry, a patch exists (Auction Weaver 1.05). The NVD entry confir...

10CVSS7.7AI score0.1051EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2000/09/21 4:0 a.m.51 views

CVE-2000-0686

Auction Weaver CGI script 1.03 and earlier is affected by a traversal flaw that lets remote attackers read arbitrary files through a .. attack in the fromfile parameter. Affected product: Auction Weaver LITE (1.0–1.04) per historical advisories; impact is remote file disclosure. Patch available: ...

5CVSS6.7AI score0.01448EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2000/09/21 4:0 a.m.46 views

CVE-2000-0687

CVE-2000-0687 affects Auction Weaver CGI script LITE (1.0–1.04). A directory traversal flaw in the catdir parameter allows remote attackers to read arbitrary files. The vulnerability is remotely exploitable and was reported for UNIX and Windows NT platforms. The issue arises in versions 1.0 throu...

10CVSS6.7AI score0.02514EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2000/09/21 4:0 a.m.24 views

CVE-2000-0687

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack in the catdir parameter...

6.6AI score0.02514EPSS
Exploits2References2
Cvelist
Cvelist
added 2000/09/21 4:0 a.m.22 views

CVE-2000-0690

Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter...

7.7AI score0.1051EPSS
Exploits2References2
Cvelist
Cvelist
added 2000/09/21 4:0 a.m.24 views

CVE-2000-0686

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack in the fromfile parameter...

6.6AI score0.01448EPSS
Exploits2References2
exploitpack
exploitpack
added 2000/08/30 12:0 a.m.28 views

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution source: https://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system...

1.2AI score
Exploits0
Exploit DB
Exploit DB
added 2000/08/30 12:0 a.m.30 views

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution

source: https://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system under the UID of the http daemon by altering the variable...

7AI score
Exploits0
securityvulns
securityvulns
added 2000/08/26 12:0 a.m.58 views

Auction WeaverT LITE 1.0

Hi, I don't know if this has been reported before. Auction Weaver allow you to read files from server. Remote users can view source of files on server. http://www.cgiscriptcenter.com/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=c at17&fromfile=9672512782Edat...

2.4AI score
Exploits0
securityvulns
securityvulns
added 2000/08/26 12:0 a.m.21 views

Дырка в Auction Weaver

С помощью боратного пути в директориях можно получить доступ к любому файлу...

1AI score
Exploits0References1Affected Software1
Rows per page
Query Builder