CVE-2001-0476

Aspseek < 1.0.3 - Remote Code Execution via Long HTTP Query String or tmpl Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0476. PoCs published by teleh0r.

AI-analyzed exploit summary This exploit targets a buffer overflow in ASPSeek versions 1.0.0 to 1.0.3 via the 'tmpl' parameter in s.cgi. It delivers a reverse shell payload via an Xterm connection to the attacker's specified display.

Description

Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a long tmpl parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by teleh0r · perlremotecgi
https://www.exploit-db.com/exploits/20689

This exploit targets a buffer overflow in ASPSeek versions 1.0.0 to 1.0.3 via the 'tmpl' parameter in s.cgi. It delivers a reverse shell payload via an Xterm connection to the attacker's specified display.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ASPSeek 1.0.0 - 1.0.3
No auth needed
Prerequisites: Target must be running ASPSeek 1.0.0-1.0.3 · Attacker must have an X server running and accessible to the target · xhost must be configured to allow connections from the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-03/0233.html
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2492
Patch x_refsource_confirm
http://www.aspseek.org/changes.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6248

Scores

EPSS 0.0957
EPSS Percentile 94.8%

Details

Status published
Products (2)
swsoft/aspseek 1.0
swsoft/aspseek < 1.0.3
Published Jun 27, 2001
Tracked Since Feb 18, 2026