Lucene search
K
Cgi Script CenterAuction Weaver

5 matches found

CVE
CVE
added 2001/01/22 5:0 a.m.52 views

CVE-2000-0811

CVE-2000-0811 affects Auction Weaver 1.0–1.04 (Auction Weaver LITE) and stems from improper validation of directory traversal strings (..), enabling remote attackers to read arbitrary files through the username or bidfile fields. Affected products include CGI Script Center’s Auction Weaver LITE r...

5CVSS6.7AI score0.01562EPSS
CVE
CVE
added 2000/09/21 4:0 a.m.51 views

CVE-2000-0686

Auction Weaver CGI script 1.03 and earlier is affected by a traversal flaw that lets remote attackers read arbitrary files through a .. attack in the fromfile parameter. Affected product: Auction Weaver LITE (1.0–1.04) per historical advisories; impact is remote file disclosure. Patch available: ...

5CVSS6.7AI score0.01448EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.50 views

CVE-2000-0810

Auction Weaver (LITE) versions 1.0–1.04 suffer a form-field name validation flaw that allows remote attackers to delete arbitrary files and directories via a dot-dot path traversal. The underlying issue is improper validation of input names, enabling remote exploitation without authentication. Im...

7.5CVSS6.8AI score0.01612EPSS
CVE
CVE
added 2000/09/21 4:0 a.m.49 views

CVE-2000-0690

Auction Weaver CGI script 1.02 and earlier is affected by a remote command execution vulnerability: an attacker can inject shell metacharacters into the fromfile parameter to execute arbitrary commands. According to the PacketStorm entry, a patch exists (Auction Weaver 1.05). The NVD entry confir...

10CVSS7.7AI score0.1051EPSS
CVE
CVE
added 2000/09/21 4:0 a.m.44 views

CVE-2000-0687

CVE-2000-0687 affects Auction Weaver CGI script LITE (1.0–1.04). A directory traversal flaw in the catdir parameter allows remote attackers to read arbitrary files. The vulnerability is remotely exploitable and was reported for UNIX and Windows NT platforms. The issue arises in versions 1.0 throu...

10CVSS6.7AI score0.02514EPSS