CVE-2004-0303
Published 2004-11-23
Priority: P4 · 28 · medium · 5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.22% (86.6th percentile)
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.
No detection rules found.
Exploit-DB
Fool's Workshop Owl's Workshop 1.0 - 'readings/index.php' Arbitrary File Access
exploitdb · 2004-02-18
---
source: https://www.securityfocus.com/bid/9689/info
Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter.
Upon successful exploitation of these issues, an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.
http://www.example.org/owls/readings/index.php?filename=/etc/passwd
Exploit-DB
Fool's Workshop Owl's Workshop 1.0 - '/glossaries/index.php?File' Arbitrary File Access
exploitdb · 2004-02-18
---
source: https://www.securityfocus.com/bid/9689/info
Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter.
Upon successful exploitation of these issues, an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.
http://www.example.org/owls/glossaries/index.php?file=/etc/passwd
Exploit-DB
Fool's Workshop Owl's Workshop 1.0 - 'resultsignore.php' Arbitrary File Access
exploitdb · 2004-02-18
---
source: https://www.securityfocus.com/bid/9689/info
Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter.
Upon successful exploitation of these issues, an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.
http://www.example.org/owls/multiplechoice/resultsignore.php?filename=/etc/passwd
No writeups or analysis indexed.
References:
http://marc.info/?l=bugtraq&m=107712123305706&w=2
http://www.securityfocus.com/bid/9689
http://www.zone-h.org/en/advisories/read/id=3973/
https://exchange.xforce.ibmcloud.com/vulnerabilities/15249
Published: 2004-11-23