Cgi Script CenterCVEs & Vulnerabilities

8 CVEs affecting Cgi Script Center products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

auction weaver 14subscribe me lite 3account manager 2
CVE-2001-0086MEDIUM

CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter.

12 Feb 2001
5.0
CVSS
CVE-2000-0810HIGH

Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.

19 Dec 2000
7.5
CVSS
CVE-2000-0811MEDIUM

Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.

19 Dec 2000
5.0
CVSS
CVE-2000-0686MEDIUM

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.

20 Oct 2000
5.0
CVSS
CVE-2000-0687CRITICAL

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.

20 Oct 2000
10.0
CVSS
CVE-2000-0689HIGHpoc

Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.

20 Oct 2000
7.5
CVSS
CVE-2000-0690CRITICALpoc

Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.

20 Oct 2000
10.0
CVSS
CVE-2000-0688HIGHpoc

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.

20 Oct 2000
7.5
CVSS
← PrevPage 1 / 1Next →