CVE-2000-1014
Published 2000-12-11
Priority P342, high, 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 11.51% (95.5th percentile)
Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sco | unixware | — | — |
No detection rules found.
Exploit-DB
Unixware 7.0 - SCOhelp HTTP Server Format String
exploitdb·2000-09-26
CVE-2000-1014 Unixware 7.0 - SCOhelp HTTP Server Format String
---
source: https://www.securityfocus.com/bid/1717/info
The default installation of SCO Unixware 7 includes scohelp, an HTTP server that listens on port 457/tcp and allows access to manual pages and other documentation files. The search CGI script provided for that purpose has a vulnerability that could allow any remote attacker to execute arbitrary code on the vulnerable machine with the privileges of user "nobody". This poses a threat that could result in the remote compromise of the vulnerable host and provide a staging point from which an attacker could escalate privileges.
There is a user-supplied format string bug in the vtopic CGI script that could be abused to execute arbitrary code. By sending a request with the following URI:
http://targ
Exploit-DB
Alex Heiphetz Group eZshopper 3.0 - Remote Command Execution
exploitdb·2000-02-27
CVE-2000-0187 Alex Heiphetz Group eZshopper 3.0 - Remote Command Execution
---
source: https://www.securityfocus.com/bid/1014/info
EZShopper is a Perl-based e-commerce software package offered by Alex Heiphetz Group, Inc. It is possible to remotely compromise a host due to a lack of checks on user input passed directly to the open() call. This vulnerability exists in two scripts shipped with EZShopper, loadpage.cgi and search.cgi.
In the first vulnerability, the variable passed to open() is called "file" and is submitted to a script called loadpage.cgi. There are no checks on "file", meaning that if "../" precede an arbitrary filename/path as the file variable, those "../" paths will be followed and the arbitrary file anywhere on the filesystem will be displayed (provided that the uid of the webserv
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2000-09/0325.html
http://www.osvdb.org/3240
http://www.securityfocus.com/bid/1717
https://exchange.xforce.ibmcloud.com/vulnerabilities/5291
Published: 2000-12-11