CVE-2000-0526
Published 2000-06-09

CVE-2000-0526: mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Priority: P4 (28)
Severity: medium, 5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 6.97% (93.3th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 3r_soft | mailstudio_2000 | — | — |
No detection rules found.
Exploit-DB
Microsoft ISA Server 2000 - Cross-Site Scripting
exploitdb·2003-07-16
CVE-2003-0526 Microsoft ISA Server 2000 - Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/8207/info
ISA server will output certain error pages when requests that are invalid, for whatever reason, are transmitted through it. These error pages will appear in the context of the domain that the request was made for. It has been reported that many of these error pages contain cross-site scripting vulnerabilities that allow for the execution of script code (embedded in the request URI) in the context of client requested domains.
The following proof-of-concept was provided:
http://[email protected]/%U0
The above proof-of-concept will include and execute http://jscript.dk/test.js on YOUR.TLD, this is provided that YOUR.TLD is protected by an ISA Server installation.
*http://:test@[site]/t
Exploit-DB
3R Soft MailStudio 2000 2.0 - Arbitrary File Access
exploitdb·2000-06-09
CVE-2000-0526 3R Soft MailStudio 2000 2.0 - Arbitrary File Access
---
source: https://www.securityfocus.com/bid/1335/info
MailStudio 2000 is vulnerable to multiple attacks.
It is possible for a remote user to gain read access to all files located on the server via the usage of the "/.." string passed to a CGI, thereby compromising the confidentiality of other users' email and password, as well as other configuration and password files on the system.
It is also possible to set a password for those system user accounts which don't have one in place (ex: operator, gopher etc).
There is also an input validation vulnerability in userreg.cgi. This CGI uses a shell to execute certain commands. Passing any command directly after %0a in the arguments of the CGI will allow a remote user to execute the com
No writeups or analysis indexed.
2000-06-09
Published