CVE-2000-1132
Published 2001-01-09
CVE-2000-1132: DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.
Priority P4 · 28 · medium · 6.4 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:P
EXPLOIT
EPSS: 9.28% (94.7th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dcscripts | dcforum | — | — |
| dcscripts | dcforum | — | — |
| dcscripts | dcforum | — | — |
| dcscripts | dcforum | — | — |
| dcscripts | dcforum | — | — |
| dcscripts | dcforum | — | — |
No detection rules found.
Exploit-DB
CVE-2000-1132 DCForum 1-6 - Arbitrary File Disclosure
exploitdb·2000-11-14
---
# source: https://www.securityfocus.com/bid/1951/info
#
# DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums.
#
# The script improperly validates user-supplied input, which allows the remote viewing of arbitrary files on the host which are readable by user 'nobody' or the webserver. Additionally, it has been reported that the dcforum.cgi script can be made to delete itself if the attacker attempts to read its source code using this method, effectively permitting a denial-of-service attack.
#
#!/usr/bin/perl
# DC Forum Vulnerability (Found In Versions From 1.0 - 6.0 According To CGISecurity.com Advisory)
# Exploits Vulnerability That Allows Remote File Reading
# By SteeLe
# BEGIN
Exploit-DB
CVE-2000-1198 Qualcomm qpopper 2.53/3.0 / RedHat imap 4.5 -4 / UoW imap 4.5 popd - Lock File Denial of Service
exploitdb·2000-04-19
---
source: https://www.securityfocus.com/bid/1132/info
Vulnerabilities exist in a number of pop3 daemon implementations, having to do with their creation of lock files. Affected include Qualcomm's qpopper, and the popd included as part of the imap-4 rpm from RedHat. Lockfiles in both implementations are created with consistent local file names; the RedHat popd in /tmp, with a fairly random name (albeit consistent for a given user), and in the mail spool directory, with the user name prepended by a "." and appended with ".pop". Creation of either of these files will prevent the popd user from being able to establish a connection to retrieve their mail.
The FreeBSD port of imap-uw contains th
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2000-11/0218.html
http://www.dcscripts.com/dcforum/dcfNews/124.html#1
http://www.osvdb.org/1646
http://www.securityfocus.com/bid/1951
https://exchange.xforce.ibmcloud.com/vulnerabilities/5533