Sean Macguire: >> Big Brother >> 1.3 Security Vulnerabilities
bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter.
CVSS Score
10.0
EPSS Score
0.042
Published
2000-07-11
The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.
CVSS Score
7.5
EPSS Score
0.036
Published
2000-06-11