Vulnerabilities > CVE-2000-0010 - Unspecified vulnerability in Tony Greenwood Webwho+ 1.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Tony Greenwood WebWho+ 1.1 Remote Command Execution Vulnerability. CVE-2000-0010 . Remote exploits for multiple platform |
id | EDB-ID:19691 |
last seen | 2016-02-02 |
modified | 1999-12-26 |
published | 1999-12-26 |
reporter | loophole |
source | https://www.exploit-db.com/download/19691/ |
title | Tony Greenwood WebWho+ 1.1 - Remote Command Execution Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | WEBWHO_PL.NASL |
description | The WebWho+ CGI script appears to be installed on the remote host. This Perl script allows an attacker to view any file on the remote host as well as to execute arbitrary commands, both subject to the privileges of the web server user id. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11333 |
published | 2003-03-09 |
reporter | This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/11333 |
title | WebWho+ whois.pl time Parameter Arbitrary Command Execution |
code |
|