CVE-2001-0805

Tarantella Enterprise 3.00-3.01 - Directory Traversal via ttawebtop.cgi pg Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0805. PoCs published by kf.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Tarantella Enterprise 3 via the ttawebtop.cgi script. By manipulating the 'pg' parameter, an attacker can read arbitrary files accessible to the webserver process.

Description

Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by kf · textremotecgi

https://www.exploit-db.com/exploits/20940

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Tarantella Enterprise 3 via the ttawebtop.cgi script. By manipulating the 'pg' parameter, an attacker can read arbitrary files accessible to the webserver process.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Tarantella Enterprise 3

No auth needed

Prerequisites: Network access to the vulnerable CGI script

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2890

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/3B2E37D0.81D9ED9D%40snosoft.com

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/6723

URL Repurposed mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/20010619150935.A5226%40tarantella.com

Scores

EPSS 0.0794

EPSS Percentile 94.0%

Details

Status published

Products (2)

tarantella/tarantella_enterprise 3.0

tarantella/tarantella_enterprise 3.01

Published Dec 06, 2001

Tracked Since Feb 18, 2026