CVE-2000-0412

Napster - Info Disclosure

Title source: llm

Description

The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by no_maam · perlremoteunix

https://www.exploit-db.com/exploits/19905

View Code ZIP pw:eip

References (4)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-05/0124.html

[Various Sources] ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:18-gnapster.adv

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/1186

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-05/0127.html

Scores

EPSS 0.0713

EPSS Percentile 91.6%

Details

Status published

Products (1)

napster/knapster napster

Published May 01, 1999

Tracked Since Feb 18, 2026