Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0810

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2000-0810
Last Modified 10 Sep 2008 03:05:53
Published 19 Dec 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0810

Summary

Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.

Vulnerable Systems

Application

  • Cgi Script Center Auction Weaver 1.0

  • Cgi Script Center Auction Weaver 1.01

  • Cgi Script Center Auction Weaver 1.02

  • Cgi Script Center Auction Weaver 1.03

  • Cgi Script Center Auction Weaver 1.04


References

XF - auction-weaver-delete-files

BID - 1782

OSVDB - 1600


Last Updated: 27 May 2016 10:35:52