CVE-2004-0302
published 2004-11-23CVE-2004-0302: Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2)…
PriorityP428medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
3.42%
87.4th percentile
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fools_workshop | owls_workshop | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Fool's Workshop Owl's Workshop 1.0 - 'glossary.php' Arbitrary File Access
exploitdb·2004-02-18
CVE-2004-0302 Fool's Workshop Owl's Workshop 1.0 - 'glossary.php' Arbitrary File Access
Fool's Workshop Owl's Workshop 1.0 - 'glossary.php' Arbitrary File Access
---
source: https://www.securityfocus.com/bid/9689/info
Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter.
Upon successful exploitation of these issues, an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.
http://www.example.org/owls/workshop/glossary.php?editfile=../../../../../../../../../../../../../../../etc/passwd
Exploit-DB
Fool's Workshop Owl's Workshop 1.0 - 'newmultiplechoice.php' Arbitrary File Access
exploitdb·2004-02-18
CVE-2004-0302 Fool's Workshop Owl's Workshop 1.0 - 'newmultiplechoice.php' Arbitrary File Access
Fool's Workshop Owl's Workshop 1.0 - 'newmultiplechoice.php' Arbitrary File Access
---
source: https://www.securityfocus.com/bid/9689/info
Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter.
Upon successful exploitation of these issues, an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.
http://www.example.org/owls/workshop/newmultiplechoice.php?edit=1&editfile=../../../../../../../../../../../../../../../etc/passwd
Exploit-DB
Fool's Workshop Owl's Workshop 1.0 - 'multiplechoice/index.php' Arbitrary File Access
exploitdb·2004-02-18
CVE-2004-0302 Fool's Workshop Owl's Workshop 1.0 - 'multiplechoice/index.php' Arbitrary File Access
Fool's Workshop Owl's Workshop 1.0 - 'multiplechoice/index.php' Arbitrary File Access
---
source: https://www.securityfocus.com/bid/9689/info
Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter.
Upon successful exploitation of these issues, an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.
http://www.example.org/owls/multiplechoice/index.php?file=../../../../../../../../../../../../../../../etc/passwd&view=print
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=107712123305706&w=2http://www.securityfocus.com/bid/9689http://www.zone-h.org/en/advisories/read/id=3973/https://exchange.xforce.ibmcloud.com/vulnerabilities/15249http://marc.info/?l=bugtraq&m=107712123305706&w=2http://www.securityfocus.com/bid/9689http://www.zone-h.org/en/advisories/read/id=3973/https://exchange.xforce.ibmcloud.com/vulnerabilities/15249
2004-11-23
Published