MidnightBSD

Advisories for cgi-world

CVE-2000-0590 HIGH

Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cgi-world poll_it 2.0
CVE-2000-1068 HIGH

pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cgi-world poll_it 2.0
cgi-world poll_it_pro 1.6
CVE-2000-1069 MEDIUM

pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cgi-world poll_it 2.01
cgi-world poll_it 2.0
cgi-world poll_it_pro 1.6
CVE-2000-1070 MEDIUM

pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cgi-world poll_it 2.01
cgi-world poll_it 2.0
cgi-world poll_it_pro 1.6