CVE-2000-0423

Netwin DNEWSWEB - Buffer Overflow via Long CGI Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0423. PoCs published by Joey__.

AI-analyzed exploit summary The provided text describes a buffer overflow vulnerability in DNews News Server, where unchecked buffers in CGI variables like 'group', 'cmd', and 'utag' can be exploited to execute arbitrary code. However, no actual exploit code is included in the snippet.

Description

Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Joey__ · textremotewindows
https://www.exploit-db.com/exploits/19895

The provided text describes a buffer overflow vulnerability in DNews News Server, where unchecked buffers in CGI variables like 'group', 'cmd', and 'utag' can be exploited to execute arbitrary code. However, no actual exploit code is included in the snippet.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: DNews News Server (version not specified)
No auth needed
Prerequisites: Access to the vulnerable DNews News Server CGI interface
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=95764950403250&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1172

Scores

EPSS 0.0778
EPSS Percentile 93.9%

Details

Status published
Products (1)
netwin/dnews 5.3
Published May 05, 2000
Tracked Since Feb 18, 2026