Cgi Script Center: Security Vulnerabilities
CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter.
CVSS Score
5.0
EPSS Score
0.007
Published
2001-02-12
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.
CVSS Score
7.5
EPSS Score
0.006
Published
2000-12-19
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.
CVSS Score
5.0
EPSS Score
0.007
Published
2000-12-19
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.
CVSS Score
5.0
EPSS Score
0.007
Published
2000-10-20
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.
CVSS Score
10.0
EPSS Score
0.01
Published
2000-10-20
Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.
CVSS Score
7.5
EPSS Score
0.068
Published
2000-10-20
Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.
CVSS Score
7.5
EPSS Score
0.084
Published
2000-10-20
Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.
CVSS Score
10.0
EPSS Score
0.054
Published
2000-10-20