MidnightBSD

Advisories for cgi_script_center

CVE-2000-0686 MEDIUM

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cgi_script_center auction_weaver *
CVE-2000-0687 HIGH

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cgi_script_center auction_weaver *
CVE-2000-0688 HIGH

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cgi_script_center subscribe_me_lite 2.0
CVE-2000-0689 HIGH

Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cgi_script_center account_manager pro_1.0
cgi_script_center account_manager lite_1.0
CVE-2000-0690 HIGH

Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cgi_script_center auction_weaver 1.02
cgi_script_center auction_weaver 1.0
CVE-2000-0810 HIGH

Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cgi_script_center auction_weaver 1.04
cgi_script_center auction_weaver 1.01
cgi_script_center auction_weaver 1.02
cgi_script_center auction_weaver 1.0
cgi_script_center auction_weaver 1.03
CVE-2000-0811 MEDIUM

Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cgi_script_center auction_weaver 1.04
cgi_script_center auction_weaver 1.01
cgi_script_center auction_weaver 1.02
cgi_script_center auction_weaver 1.0
cgi_script_center auction_weaver 1.03
CVE-2001-0086 MEDIUM

CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cgi_script_center subscribe_me_lite 1.0
cgi_script_center subscribe_me_lite 2.0