CVE-2001-1130

Published: 02/08/2001 Updated: 10/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote malicious users to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.

Vulnerable Product

suse suse linux 6.0

suse suse linux 7.2

suse suse linux 7.0

suse suse linux 7.1

suse suse linux 6.3

suse suse linux 6.4

Exploits

source: www.securityfocus.com/bid/3208/info

An input validation error exists in sdb, the SuSE Support Data Base. The problem exists in the sdbsearch.cgi script, which uses data directly from the 'Referer' header field from a HTTP request as a path when opening its "keylist.txt" file. The keylist file contains a list of keywords and associ ...