CVE-2000-0187
Published 2000-02-27
CVE-2000-0187: EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.
Priority: P3 · 37 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.53% (94.4th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alex_heiphetz_group | ezshopper | — | — |
No detection rules found.
Exploit-DB
Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal
exploitdb·2004-11-25
CVE-2000-0187 Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal
---
Example:
http://targethost/cgi-bin/loadpage.cgi?user_id=id&file=.|./.|./.|./.|./.|./etc/passwd%00.html
# milw0rm.com [2004-11-25]
Exploit-DB
Microsoft SQL Server 2000 - SQLXML Script Injection
exploitdb·2002-06-12
CVE-2002-0187 Microsoft SQL Server 2000 - SQLXML Script Injection
---
source: https://www.securityfocus.com/bid/5005/info
SQLXML is a component of SQL Server 2000, which enables SQL servers to receive and send database queries via XML (Extensible Markup Language) format. Such queries can be sent using various methods of communication, one of which is via HTTP. SQLXML HTTP components reside in a virtual directory on a web server and are not enabled by default.
It is possible, under some circumstances, to inject arbitrary script code via XML tags. This may allow an attacker to execute script code in the context of the Internet Explorer Security Zone associated with the IIS server running the vulnerable components.
It should be noted that successful exploitation of this vulnerability is highly conditi
Exploit-DB
Alex Heiphetz Group eZshopper 3.0 - Remote Command Execution
exploitdb·2000-02-27
CVE-2000-0187 Alex Heiphetz Group eZshopper 3.0 - Remote Command Execution
---
source: https://www.securityfocus.com/bid/1014/info
EZShopper is a Perl-based E-Commerce software package offered by Alex Heiphetz Group, Inc. It is possible to remotely compromise a host due to a lack of checks on user input passed directly to the open() call. This vulnerability exists in two scripts shipped with EZShopper, loadpage.cgi and search.cgi.
In the first vulnerability, the variable passed to open() is called "file" and is submitted to a script called loadpage.cgi. There are no checks on "file", meaning that if "../" precede an arbitrary filename/path as the file variable, those "../" paths will be followed and the arbitrary file anywhere on the filesystem will be displayed (provided that the uid of the webserv
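A defender-side check for the requests described above, as an added example that is not part of the original advisory or of EZShopper: it scans web access logs for loadpage.cgi requests whose "file" parameter contains dot-dot segments, shell metacharacters or NUL bytes. The Common Log Format input, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that Perl's two-argument open() or a shell treats specially.
SHELL_META = set("|;&`$<>()\n\r")

def classify_file_param(value):
    """Return the reasons a decoded 'file' value is suspicious."""
    reasons = []
    if "\x00" in value:
        reasons.append("nul-byte")
    if SHELL_META & set(value):
        reasons.append("shell-metachar")
    # Strip filler characters first so split dot segments are still recognised.
    stripped = "".join(c for c in value if c != "\x00" and c not in SHELL_META)
    if ".." in stripped.replace("\\", "/").split("/"):
        reasons.append("dot-dot")
    if stripped.startswith("/"):
        reasons.append("absolute-path")
    return reasons

def scan(lines, script="loadpage.cgi"):
    """Yield (line_number, reasons) for suspicious requests to `script`."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes, so %00 and %7C are seen as raw characters.
        for value in parse_qs(target.query, keep_blank_values=True).get("file", []):
            reasons = classify_file_param(value)
            if reasons:
                yield number, reasons

# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Feb/2000:10:00:01 +0000] "GET /cgi-bin/loadpage.cgi?user_id=1&file=catalog.html HTTP/1.0" 200 5120',
    '192.0.2.44 - - [27/Feb/2000:10:00:07 +0000] "GET /cgi-bin/loadpage.cgi?user_id=id&file=.|./.|./.|./.|./.|./etc/passwd%00.html HTTP/1.0" 200 812',
    '192.0.2.44 - - [27/Feb/2000:10:00:09 +0000] "GET /cgi-bin/loadpage.cgi?user_id=1&file=../../../etc/hosts HTTP/1.0" 200 301',
    '192.0.2.10 - - [27/Feb/2000:10:00:12 +0000] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

The same classification can serve as an allow/deny check in front of the script: a request whose "file" value returns any reason is rejected before it reaches open().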
No writeups or analysis indexed.