Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
Max CVSS: 5.0
EPSS Score: 1.15%
Published: 1999-09-09
Updated: 2008-09-05

CVE-1999-1053

Public exploit
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
Max CVSS: 7.5
EPSS Score: 94.36%
Published: 1999-09-13
Updated: 2008-09-05

Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter.
Max CVSS: 5.0
EPSS Score: 0.81%
Published: 1999-11-16
Updated: 2008-09-05

Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying the filename as a template.
Max CVSS: 5.0
EPSS Score: 1.99%
Published: 1999-11-12
Updated: 2017-12-19

WWWBoard has a default username and default password.
Max CVSS: 7.5
EPSS Score: 1.46%
Published: 1999-09-16
Updated: 2008-09-09

WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.
Max CVSS: 10.0
EPSS Score: 10.14%
Published: 1999-09-16
Updated: 2022-08-17

6 vulnerabilities found