Auction Weaver

CVEs (5)

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2000-0690	0.03	—	0.05	Oct 20, 2000	Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.
CVE-2000-0810	0.00	—	0.01	Dec 19, 2000	Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.
CVE-2000-0811	0.00	—	0.01	Dec 19, 2000	Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.
CVE-2000-0686	0.00	—	0.01	Oct 20, 2000	Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.
CVE-2000-0687	0.00	—	0.01	Oct 20, 2000	Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.

CVE-2000-0690Oct 20, 2000
risk 0.03cvss —epss 0.05
Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.
CVE-2000-0810Dec 19, 2000
risk 0.00cvss —epss 0.01
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.
CVE-2000-0811Dec 19, 2000
risk 0.00cvss —epss 0.01
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.
CVE-2000-0686Oct 20, 2000
risk 0.00cvss —epss 0.01
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.
CVE-2000-0687Oct 20, 2000
risk 0.00cvss —epss 0.01
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.