CGI Script Center
Products
4- 5 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2000-0944 | Cri | 0.68 | 9.8 | 0.11 | Dec 19, 2000 | CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. | ||
| CVE-2000-0688 | 0.04 | — | 0.08 | Oct 20, 2000 | Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter. | |||
| CVE-2000-0690 | 0.04 | — | 0.11 | Oct 20, 2000 | Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter. | |||
| CVE-2000-0689 | 0.04 | — | 0.08 | Oct 20, 2000 | Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter. | |||
| CVE-2001-0086 | 0.00 | — | 0.02 | Feb 12, 2001 | CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter. | |||
| CVE-2000-0811 | 0.00 | — | 0.02 | Dec 19, 2000 | Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields. | |||
| CVE-2000-0810 | 0.00 | — | 0.02 | Dec 19, 2000 | Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack. | |||
| CVE-2000-0686 | 0.00 | — | 0.01 | Oct 20, 2000 | Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter. | |||
| CVE-2000-0687 | 0.00 | — | 0.03 | Oct 20, 2000 | Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter. |
- risk 0.68cvss 9.8epss 0.11
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.
- CVE-2000-0688Oct 20, 2000risk 0.04cvss —epss 0.08
Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.
- CVE-2000-0690Oct 20, 2000risk 0.04cvss —epss 0.11
Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.
- CVE-2000-0689Oct 20, 2000risk 0.04cvss —epss 0.08
Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.
- CVE-2001-0086Feb 12, 2001risk 0.00cvss —epss 0.02
CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter.
- CVE-2000-0811Dec 19, 2000risk 0.00cvss —epss 0.02
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.
- CVE-2000-0810Dec 19, 2000risk 0.00cvss —epss 0.02
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.
- CVE-2000-0686Oct 20, 2000risk 0.00cvss —epss 0.01
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.
- CVE-2000-0687Oct 20, 2000risk 0.00cvss —epss 0.03
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.