Published: 16/05/2005 Updated: 18/10/2016

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Pico Server (pServ) 3.2 and previous versions allows remote malicious users to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pico server pico server 3.0_beta_3
pico server pico server 3.1
pico server pico server 3.2
pico server pico server 3.0

source: wwwsecurityfocuscom/bid/13642/info pServ is prone to a directory traversal vulnerability This occurs because the application does not implement a proper method for filtering directory traversal sequences from URIs Since this can be done from the cgi-bin directory, it is possible to execute commands to which the Web server has pe ...

NVD-CWE-Other http://sourceforge.net/project/shownotes.php?release_id=327708 http://www.securityfocus.com/bid/13642 http://www.redteam-pentesting.de/advisories/rt-sa-2005-010.txt http://marc.info/?l=full-disclosure&m=111625635716712&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/25669/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-1365

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect