CVE-2000-0708
published 2000-10-20CVE-2000-0708: Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to…
PriorityP418medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
3.41%
87.4th percentile
Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pragma_systems | telnetserver | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
SurfControl SuperScout WebFilter for Windows 2000 - File Disclosure
exploitdb·2002-10-02
CVE-2002-0708 SurfControl SuperScout WebFilter for Windows 2000 - File Disclosure
SurfControl SuperScout WebFilter for Windows 2000 - File Disclosure
---
source: https://www.securityfocus.com/bid/5857/info
SurfControl SuperScout WebFilter Reports Server is prone to a vulnerability which may allow remote attackers to disclose the contents of arbitrary files.
The Reports Server does not sufficiently filter triple-dot-slash (.../) sequences from web requests. As a result, an attacker may break out of the root directory for the reporting service and browse the filesystem at large, disclosing arbitrary files that are readable by the Reports Server.
http://reports-server:8888/.../.../.../.../.../.../.../winnt/win.ini
Exploit-DB
PragmaSys TelnetServer 2000 - rexec Buffer Overflow
exploitdb·2000-08-24
CVE-2000-1002 PragmaSys TelnetServer 2000 - rexec Buffer Overflow
PragmaSys TelnetServer 2000 - rexec Buffer Overflow
---
source: https://www.securityfocus.com/bid/1605/info
Pragma Systems offers a windows remote access server called TelnetServer 2000. TelnetServer crashes if more than 1000 NULL characters are sent to its rexec port, 512. This can be executed by an anonymous attacker from anywhere on the internet. It is not known whether this apparent overflow can be exploited to gain access on the victim host.
#!/usr/bin/perl
#########################################################
# Exploit by USSRLabs www.ussrback.com
# send 5k of null causes the server to crash.
#########################################################
#
# ./$0.pl -s -p
#
# Null request DoS
#
use Getopt::Std;
use Socket;
getopts('s:p', \%args);
if(!defined($args{s})){&usage;}
No writeups or analysis indexed.
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=NTBUGTRAQ&P=R4247http://www.pragmasys.com/TelnetServer/http://www.securityfocus.com/bid/1605http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=NTBUGTRAQ&P=R4247http://www.pragmasys.com/TelnetServer/http://www.securityfocus.com/bid/1605
2000-10-20
Published