cuctema

7 exploits Active since Jun 2001
CVE-2001-0212 EXPLOITDB text WORKING POC
HIS Auktion 1.62 - Directory Traversal and Arbitrary File Read via Menue Parameter
Directory traversal vulnerability in HIS Auktion 1.62 allows remote attackers to read arbitrary files via a .. (dot dot) in the menue parameter, and possibly execute commands via shell metacharacters.
CVE-2001-0211 EXPLOITDB text WORKING POC
WebSPIRS 3.1 - Directory Traversal via sp.nextform Parameter
Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter.
CVE-2001-0216 EXPLOITDB text WORKING POC
PALS Library System - Command Injection
PALS Library System pals-cgi program allows remote attackers to execute arbitrary commands via shell metacharacters in the documentName parameter.
CVE-2001-0224 EXPLOITDB text WORKING POC
Muscat Empower - Information Disclosure via DB Parameter
Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter.
CVE-2001-0214 EXPLOITDB text WRITEUP
Way-board - Unauthenticated Arbitrary File Read via db Parameter Null Byte Injection
Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte.
CVE-2001-0217 EXPLOITDB text WRITEUP
PALS Library System pals-cgi - Directory Traversal via documentName Parameter
Directory traversal vulnerability in PALS Library System pals-cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the documentName parameter.
CVE-2001-0215 EXPLOITDB text WORKING POC
ROADS - Unauthenticated Arbitrary File Read via search.pl form Parameter Null Byte Injection
ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte.