Published: 11/06/2000 Updated: 10/10/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The default configuration of Big Brother 1.4h2 and previous versions does not include proper access restrictions, which allows remote malicious users to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sean macguire big brother 1.09d
sean macguire big brother 1.1
sean macguire big brother 1.4h1
sean macguire big brother 1.09b
sean macguire big brother 1.09c
sean macguire big brother 1.4g
sean macguire big brother 1.4h
sean macguire big brother 1.2
sean macguire big brother 1.3
sean macguire big brother 1.0
sean macguire big brother 1.3b
sean macguire big brother 1.4

source: wwwsecurityfocuscom/bid/1494/info A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server These could be used to read files and possibly execute commands on the web server machine /bb 1234 "status evilphp3 <?<system(\"cat /etc/passwd\ ...

NVD-CWE-Other http://www.securityfocus.com/bid/1494 http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html http://www.osvdb.org/1472 https://exchange.xforce.ibmcloud.com/vulnerabilities/5103 https://nvd.nist.gov https://www.exploit-db.com/exploits/20092/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2000-0639

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect