Cgi Script Center : Security Vulnerabilities, CVEs, Published In 2000
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.
Max CVSS
5.0
EPSS Score
0.54%
Published
2000-12-19
Updated
2018-05-03
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.
Max CVSS
7.5
EPSS Score
1.22%
Published
2000-12-19
Updated
2018-05-03
Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.
Max CVSS
10.0
EPSS Score
3.68%
Published
2000-10-20
Updated
2008-09-10
Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.
Max CVSS
7.5
EPSS Score
3.59%
Published
2000-10-20
Updated
2017-07-11
Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.
Max CVSS
7.5
EPSS Score
2.41%
Published
2000-10-20
Updated
2016-10-18
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.
Max CVSS
10.0
EPSS Score
0.58%
Published
2000-10-20
Updated
2008-09-05
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.
Max CVSS
5.0
EPSS Score
0.58%
Published
2000-10-20
Updated
2008-09-05
7 vulnerabilities found