The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.
Max CVSS: 5.0 | EPSS Score: 0.76% | Published: 2001-12-06 | Updated: 2017-12-19
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
Max CVSS: 10.0 | EPSS Score: 3.59% | Published: 2001-08-14 | Updated: 2017-10-10
upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.
Max CVSS: 5.0 | EPSS Score: 0.95% | Published: 2001-07-02 | Updated: 2017-12-19
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.
Max CVSS: 7.5 | EPSS Score: 24.59% | Published: 2001-07-02 | Updated: 2017-12-19
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.
Max CVSS: 6.4 | EPSS Score: 1.63% | Published: 2001-01-09 | Updated: 2017-10-10
5 vulnerabilities found