CVE-2000-1176
published 2001-01-09CVE-2000-1176: Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catsearch"…
PriorityP432high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
5.72%
92.1th percentile
Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catsearch" form field.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yabb | yabb | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
YaBB 9.11.2000 - 'search.pl' Arbitrary Command Execution
exploitdb·2000-11-07
CVE-2000-1176 YaBB 9.11.2000 - 'search.pl' Arbitrary Command Execution
YaBB 9.11.2000 - 'search.pl' Arbitrary Command Execution
---
source: https://www.securityfocus.com/bid/1921/info
YaBB (Yet Another Bulletin Board) is a popular perl-based bulletin board scripting package.
search. pl, one of several perl scripts which comprise YaBB, fails to properly validate user input which arguments a call to open().
A malicious user could supply a string containing '/../'-type sequences and shell commands. As a result of search.pl's failure to reject this type of input, it is possible to traverse the script's normal working directories, and to execute arbitrary commands on the host with the privelege level of YaBB. This can lead to an anonymous internet user gaining shell access to the host.
An attacker could easily create a malicious html form with a catsearch s
Exploit-DB
RedHat Linux 6.0/6.1/6.2 - 'pam_console' Monitor Activity After Logout
exploitdb·2000-05-03
CVE-2000-0378 RedHat Linux 6.0/6.1/6.2 - 'pam_console' Monitor Activity After Logout
RedHat Linux 6.0/6.1/6.2 - 'pam_console' Monitor Activity After Logout
---
/*
source: https://www.securityfocus.com/bid/1176/info
A vulnerability exists in the pam_console PAM module, included as part of any Linux system running PAM. pam_console exists to own certain devices to users logging in to the console of a Linux machine. It is designed to allow only console users to utilize things such as sound devices. It will chown devices to users upon logging in, and chown them back to being owned by root upon logout. However, as certain devices do not have a 'hangup' mechanism, like a tty device, it is possible for a local user to continue to monitor activity on certain devices after logging out. This could allow an malicious user to sniff other users console sessions, and potentially obtai
No writeups or analysis indexed.
2001-01-09
Published