CVE-2000-1110
published 2001-01-09
Priority: P4 · 19 · medium · CVSS 2.0: 5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.69% (84.0th percentile)
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | net.data | — | — |
Suricata
CVE-2000-0284 GPL IMAP find overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"GPL IMAP find overflow attempt"; flow:established,to_server; content:"FIND"; nocase; isdataat:100,relative; pcre:"/\sFIND\s[^\n]{100}/smi"; reference:bugtraq,1110; reference:cve,2000-0284; reference:nessus,10374; classtype:misc-attack; sid:2101904; rev:8; metadata:created_at 2010_09_23, cve CVE_2000_0284, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
CVE-2000-0284 GPL IMAP rename overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"GPL IMAP rename overflow attempt"; flow:established,to_server; content:"RENAME"; nocase; isdataat:100,relative; pcre:"/\sRENAME\s[^\n]{100}/smi"; reference:bugtraq,1110; reference:cve,2000-0284; reference:nessus,10374; classtype:misc-attack; sid:2101903; rev:9; metadata:created_at 2010_09_23, cve CVE_2000_0284, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Exploit-DB
CVE-2000-0284 UoW IMAPd Server 10.234/12.264 - Remote Buffer Overflow
exploitdb·2002-08-01
---
// source: https://www.securityfocus.com/bid/1110/info
A buffer overflow exists in imapd. The vulnerability exists in the list command. By supplying a long, well-crafted string as the second argument to the list command, it becomes possible to execute code on the machine.
Executing the list command requires an account on the machine. In addition, privileges have been dropped in imapd prior to the location of the buffer overrun. As such, this vulnerability would only be useful in a scenario where a user has an account, but no shell level access. This would allow them to gain shell access.
Overflows have also been found in the COPY, LSUB, RENAME and FIND commands. All of these, like the LIST command, require a login on the machi
Exploit-DB
CVE-2000-1110 IBM Net.Data 7.0 - Full Path Disclosure
exploitdb·2000-11-29
---
source: https://www.securityfocus.com/bid/2017/info
IBM Net.Data is a scripting language used to create web applications. It supports a wide range of language environments and is compatible with most recognized databases.
Net.Data contains a vulnerability that reveals server information. Requesting, by way of the CGI application, a specially crafted URL comprised of an invalid request and a known database will reveal the physical path of server files.
Successful exploitation of this vulnerability could assist in further attacks against the victim host.
http://target/cgi-bin/db2www/library/document.d2w/show
DTWP029E: Net.Data is unable to locate the HTML block SHOW in file /projects/www/netdata/macro/software/library/document.d2w.
Exploit-DB
CVE-2000-0284 UoW IMAPd Server 10.234/12.264 - LSUB Buffer Overflow (Metasploit)
exploitdb·2000-04-16
---
source: https://www.securityfocus.com/bid/1110/info
A buffer overflow exists in imapd. The vulnerability exists in the list command. By supplying a long, well-crafted string as the second argument to the list command, it becomes possible to execute code on the machine.
Executing the list command requires an account on the machine. In addition, privileges have been dropped in imapd prior to the location of the buffer overrun. As such, this vulnerability would only be useful in a scenario where a user has an account, but no shell level access. This would allow them to gain shell access.
Overflows have also been found in the COPY, LSUB, RENAME and FIND commands. All of these, like the LIST command, require a login on t
Exploit-DB
CVE-2000-0284 UoW IMAPd Server 10.234/12.264 - COPY Buffer Overflow (Metasploit)
exploitdb·2000-04-16
---
source: https://www.securityfocus.com/bid/1110/info
A buffer overflow exists in imapd. The vulnerability exists in the list command. By supplying a long, well-crafted string as the second argument to the list command, it becomes possible to execute code on the machine.
Executing the list command requires an account on the machine. In addition, privileges have been dropped in imapd prior to the location of the buffer overrun. As such, this vulnerability would only be useful in a scenario where a user has an account, but no shell level access. This would allow them to gain shell access.
Overflows have also been found in the COPY, LSUB, RENAME and FIND commands. All of these, like the LIST command, require a login on th
Exploit-DB
CVE-2000-0284 University of Washington - imap LSUB Buffer Overflow (Metasploit)
exploitdb·2000-04-16
---
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'UoW IMAP server LSUB Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in the 'LSUB'
command of the University of Washington IMAP service.
This vulnerability can only be exploited with a valid username
and password.
},
'Author' => [ 'patrick' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'CVE', '2000-0284' ],
[ 'OSVDB', '12037' ],
[ 'BID', '1110' ],
[ 'URL
Exploit-DB
CVE-1999-1110 Microsoft Internet Explorer 5 Media Player - ActiveX Error Message
exploitdb·1999-11-14
---
Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 Media Player ActiveX Error Message Vulnerability
source: https://www.securityfocus.com/bid/793/info
The Windows Media Player ActiveX control, shipped with IE 5, returns a specific error code if it is instructed to load a local file that does not exist. In this way, an attacker could determine whether or not a specified file on the victim's host exists. This could be used to determine user names and other facets of system configuration.
Demonstration code:
// -2147220970
function checkfile()
{
b=document.all.wm;
b.FileName=document.forms[0].elements[0].value;
if (b.ErrorCode == -2147220970)
alert("File does not exist")
else
alert("
No writeups or analysis indexed.
Published: 2001-01-09