CVE-2000-1196

Netscape PublishingXpert <2.5 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1196. PoCs published by \x00\x00.

AI-analyzed exploit summary This exploit targets a directory traversal vulnerability in Netscape PublishingXpert 2.* via PSCOErrPage.htm, allowing remote attackers to read arbitrary files on the system. The PoC sends a crafted HTTP GET request to retrieve /etc/passwd.

Description

PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by \x00\x00 · cremotesolaris

https://www.exploit-db.com/exploits/20966

View Code ZIP pw:eip

This exploit targets a directory traversal vulnerability in Netscape PublishingXpert 2.* via PSCOErrPage.htm, allowing remote attackers to read arbitrary files on the system. The PoC sends a crafted HTTP GET request to retrieve /etc/passwd.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Netscape PublishingXpert 2.*

No auth needed

Prerequisites: Network access to the target server · PublishingXpert 2.* running on port 80

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/7362

Exploit, Vendor Advisory x_refsource_misc

http://packetstormsecurity.org/0004-exploits/ooo1.txt

Patch, Vendor Advisory x_refsource_confirm

http://docs.iplanet.com/docs/manuals/pubx/2.5.2_Relnotes.html

Scores

EPSS 0.0377

EPSS Percentile 88.6%

Details

Status published

Products (1)

netscape/publishingxpert < 2.5

Published Aug 31, 2001

Tracked Since Feb 18, 2026