CVE-2000-1069

The CVE concerns pollit.cgi in Poll It 2.01 and earlier, where remote attackers can access administrative functions without the real password by supplying the same value to entered_password and admin_password. The provided references confirm the vulnerable component and the authentication bypass,...

CVE-2000-0590

CVE-2000-0590 affects the Poll It 2.0 CGI script. The vulnerability allows a remote attacker to read arbitrary files by supplying a file name in the data_dir parameter, with an example showing access to /etc/passwd. OpenVAS/Nessus entries corroborate arbitrary file access via the CGI. Remediation...

CVE-2000-1068

The CVE-2000-1068 entry concerns Poll It 2.0: the pollit.cgi component is vulnerable to remote command execution via shell metacharacters supplied in the poll_options parameter. The underlying issue is improper handling of user-supplied input in that parameter, enabling an attacker to execute arb...

CVE-2000-1070

Poll It 2.01 and earlier are affected by CVE-2000-1070 due to pollit.cgi using data files located under the web document root. This configuration permits remote attackers to access sensitive or private information. The provided documents do not specify affected versions beyond 2.01 and earlier, n...