header-logo
Suggest Exploit
vendor:
The Free Online Dictionary of Computing
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: The Free Online Dictionary of Computing
Affected Version From: Not Specified
Affected Version To: Not Specified
Patch Exists: YES
Related CWE: CVE-2001-0206
CPE: a:foldoc:the_free_online_dictionary_of_computing
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Not Specified
2001

A vulnerability exists in a CGI script called “The Free Online Dictionary of Computing”

The Free Online Dictionary of Computing CGI script is vulnerable to a directory traversal attack due to a failure to properly validate user supplied input. This allows an attacker to compose and submit requests for files readable by the webserver, as well as executing certain commands (those requiring no command line parameters) with the privilege level of the webserver process.

Mitigation:

The vendor has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2484/info

A vulnerability exists in a CGI script called "The Free Online Dictionary of Computing".

Due to a failure to properly validate user supplied input, a remote attacker can compose and submit requests for files readable by the webserver, as well as executing certain commands (those requiring no command line parameters) with the privilege level of the webserver process. 

http://example.com/foldoc/template.cgi?template.cgi

Navigation

Suggest Exploit

Services By CQR