Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0688

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2000-0688
Last Modified 05 Sep 2008 04:21:38
Published 20 Oct 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0688

Summary

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.

Vulnerable Systems

Application

  • Cgi Script Center Subscribe Me Lite 2.0


References

BID - 1607

CONFIRM - http://www.cgiscriptcenter.com/subscribe/

BUGTRAQ - 20000823 Subscribe Me Vulnerability

BUGTRAQ - 20000823 Re: Subscribe Me CGI Vulnerability


Last Updated: 27 May 2016 10:35:50