Vulnerabilities > CVE-2001-0561 - Directory Traversal vulnerability in Drummond Miles A1Stats 1.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
drummond-miles
nessus
exploit available

Summary

Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.

Vulnerable Configurations

Part Description Count
Application
Drummond_Miles
2

Exploit-Db

  • descriptionDrummond Miles A1Stats 1.0 a1disp3.cgi Traversal Arbitrary File Read. CVE-2001-0561. Remote exploit for cgi platform
    idEDB-ID:20832
    last seen2016-02-02
    modified2001-05-07
    published2001-05-07
    reporterneme-dhc
    sourcehttps://www.exploit-db.com/download/20832/
    titleDrummond Miles A1Stats 1.0 a1disp3.cgi Traversal Arbitrary File Read
  • descriptionDrummond Miles A1Stats 1.0 a1disp2.cgi Traversal Arbitrary File Read. CVE-2001-0561. Remote exploit for cgi platform
    idEDB-ID:20831
    last seen2016-02-02
    modified2001-05-07
    published2001-05-07
    reporterneme-dhc
    sourcehttps://www.exploit-db.com/download/20831/
    titleDrummond Miles A1Stats 1.0 a1disp2.cgi Traversal Arbitrary File Read
  • descriptionDrummond Miles A1Stats 1.0 a1disp4.cgi Traversal Arbitrary File Read. CVE-2001-0561. Remote exploit for cgi platform
    idEDB-ID:20833
    last seen2016-02-02
    modified2001-05-07
    published2001-05-07
    reporterneme-dhc
    sourcehttps://www.exploit-db.com/download/20833/
    titleDrummond Miles A1Stats 1.0 a1disp4.cgi Traversal Arbitrary File Read

Nessus

NASL familyCGI abuses
NASL idA1STATS.NASL
descriptionThe
last seen2020-06-01
modified2020-06-02
plugin id10669
published2001-05-14
reporterThis script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10669
titleA1Stats Multiple Script Traversal Arbitrary File Access