Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-1014

5 documents4 sources
Severity
7.5HIGH
EPSS
8.7%
top 7.52%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SCO Unixware
Timeline
PublishedDec 11
Latest updateApr 30

Description

Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDsco/unixware7.0

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-m5qj-69g5-cc43: Format string vulnerability in the search972022-04-30
CVEList
CVE-2000-1014: Format string vulnerability in the search972001-01-22

💥Exploits & PoCs

2
Exploit-DB
Unixware 7.0 - SCOhelp HTTP Server Format String2000-09-26
Exploit-DB
Alex Heiphetz Group eZshopper 3.0 - Remote Command Execution2000-02-27
CVE-2000-1014 (HIGH CVSS 7.5) | Format string vulnerability in the | cvebase.io