Matt WrightCVEs & Vulnerabilities

21 CVEs affecting Matt Wright products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

formmail 26formhandler.cgi 6wwwboard 5matt wright guestbook 3pgpmail.pl 1download.cgi 1simple search 1textcounter 1
CVE-2009-4866MEDIUM

Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Script Archive (MSA) Simple Search 1.0 allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: some of these details are obtained from third party information.

11 May 2010
4.3
CVSS
CVE-2009-1777MEDIUMpoc

CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter.

22 May 2009
5.0
CVSS
CVE-2009-1776MEDIUMpoc

Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters.

22 May 2009
4.3
CVSS
CVE-2006-1698MEDIUM

Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis.

11 Apr 2006
4.3
CVSS
CVE-2006-1697MEDIUMpoc

Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.

11 Apr 2006
4.3
CVSS
CVE-2003-1237MEDIUM

Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post.

31 Dec 2003
4.3
CVSS
CVE-2002-1771MEDIUM

Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables.

31 Dec 2002
5.0
CVSS
CVE-2002-2109HIGH

Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer.

31 Dec 2002
7.5
CVSS
CVE-2001-0937HIGH

PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters.

30 Nov 2001
7.5
CVSS
CVE-2001-0357HIGH

FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.

22 Aug 2001
7.5
CVSS
CVE-2000-0411MEDIUMpoc

Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter.

10 May 2000
5.0
CVSS
CVE-1999-1051MEDIUM

Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter.

16 Nov 1999
5.0
CVSS
CVE-1999-1050MEDIUMpoc

Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying the filename as a template.

12 Nov 1999
5.0
CVSS
CVE-1999-0954HIGH

WWWBoard has a default username and default password.

16 Sep 1999
7.5
CVSS
CVE-1999-0953CRITICALpoc

WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.

16 Sep 1999
10.0
CVSS
CVE-1999-1053HIGHpoc

guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

13 Sep 1999
7.5
CVSS
CVE-1999-1377MEDIUM

Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.

9 Sep 1999
5.0
CVSS
CVE-1999-0930MEDIUM

wwwboard allows a remote attacker to delete message board articles via a malformed argument.

3 Sep 1998
5.0
CVSS
CVE-1999-1479CRITICALpoc

The textcounter.pl by Matt Wright allows remote attackers to execute arbitrary commands via shell metacharacters.

24 Jun 1998
10.0
CVSS
CVE-1999-0173MEDIUMpoc

FormMail CGI program can be used by web servers other than the host server that the program resides on.

1 Jan 1997
5.0
CVSS
CVE-1999-0172HIGH

FormMail CGI program allows remote execution of commands.

2 Aug 1995
7.5
CVSS
← PrevPage 1 / 1Next →