CVE-2000-0128
Published 2000-02-04
CVE-2000-0128: The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters.
Priority: P3 40 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.67% (90.6th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| daniel_beckham | the_finger_server | — | — |
| daniel_beckham | the_finger_server | — | — |
| daniel_beckham | the_finger_server | — | — |
| daniel_beckham | the_finger_server | — | — |
No detection rules found.
Exploit-DB
Sambar Server 5.1 - Sample Script Denial of Service
exploitdb·2002-02-06
CVE-2002-0128 Sambar Server 5.1 - Sample Script Denial of Service
---
// source: https://www.securityfocus.com/bid/3885/info
Sambar Server is a multi-threaded web server which will run on Microsoft Windows 9x/ME/NT/2000 operating systems.
It is possible to cause a denial of service to Sambar Server by sending consecutive excessively long requests to the 'cgitest.exe' sample script.
This issue may be the result of improper bounds checking. If so, the vulnerability could potentially be used to execute arbitrary code on the host running the vulnerable software, though this has not been confirmed.
While this issue was reported for Sambar Server 5.1, other versions may also be affected.
/*********************************************************************
**
** 06.02.
Exploit-DB
Daniel Beckham The Finger Server 0.82 Beta - Pipe
exploitdb·2000-02-04
CVE-2000-0128 Daniel Beckham The Finger Server 0.82 Beta - Pipe
---
source: https://www.securityfocus.com/bid/974/info
'The Finger Server' is a Perl script that provides .plan-like functionality through a website. Due to insufficient input checking, remote unauthenticated users can execute shell commands on the server, which run with the privileges of the web server.
A request like:
http ://target/finger.cgi?action=archives&cmd=specific
&filename=99.10.28.15.23.username.||
(split for readability)
will cause the server to execute whatever command is specified.
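An added example, not code from The Finger Server or the advisory: one way a Perl CGI can handle the `filename` parameter safely. It assumes archive names have the shape shown in the request above and that the flaw comes from the name reaching Perl's two-argument open (the page does not show the script's code); `$ARCHIVE_DIR`, `valid_archive_name` and `read_archive` are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Hypothetical archive directory; not taken from the original script.
my $ARCHIVE_DIR = '/var/www/finger/archives';

# Allowlist for archive names shaped like the one in the advisory,
# e.g. 99.10.28.15.23.username: five two-digit fields, then a user name.
# The exact format is an assumption made for this example.
sub valid_archive_name {
    my ($name) = @_;
    return 0 unless defined $name;
    return $name =~ /\A(?:\d{2}\.){5}[A-Za-z0-9_-]{1,32}\z/ ? 1 : 0;
}

# Read an archive file without letting the name be interpreted as a command.
sub read_archive {
    my ($name) = @_;
    die "rejected filename\n" unless valid_archive_name($name);
    my $path = File::Spec->catfile($ARCHIVE_DIR, $name);
    # Three-argument open: the mode is fixed to '<', so a character such as
    # '|' in $path is part of a file name and never starts a command.
    # The two-argument form, open(FH, $path), treats a trailing '|' as
    # "run this as a command and read its output".
    open(my $fh, '<', $path) or die "cannot open archive: $!\n";
    local $/;                      # slurp the whole file
    my $content = <$fh>;
    close $fh;
    return $content;
}

# Constructed sample inputs: one well-formed name, the name from the
# advisory's request, and a path traversal attempt.
for my $candidate ('99.10.28.15.23.username',
                   '99.10.28.15.23.username.||',
                   '../../etc/passwd') {
    printf "%-30s %s\n", $candidate,
        valid_archive_name($candidate) ? 'accepted' : 'rejected';
}
```

Only the first sample is accepted; validation and the fixed open mode are independent checks, so either one alone stops the parameter from being run as a command.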
No writeups or analysis indexed.
Published: 2000-02-04