Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbVanja HrusticEDB-ID:19797
HistoryMar 09, 2000 - 12:00 a.m.

Sun StarOffice 5.1 - Arbitrary File Read

2000-03-0900:00:00
Vanja Hrustic
www.exploit-db.com
17

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/1040/info

StarOffice is a desktop office suite offered by Sun Microsystems. StarScheduler is a groupware server that ships with StarOffice and includes a webserver that runs as root by default. When a request it sent to a webserver for a document, the StarScheduler httpd will follow "../" paths if provided. As a result, exploiting this allows an attacker to view any file on the target system (the server runs as root..), including files such as /etc/shadow.

http://starscheduler_server:801/../../../../etc/shadow

Related

cvelist 1
cve 1
nvd 1
nessus 1
cvelist
cvelist
CVE-2000-0174
2000-07-12 04:00:00
cve
cve
CVE-2000-0174
2000-07-12 04:00:00
nvd
nvd
CVE-2000-0174
2000-03-09 05:00:00
nessus
nessus
Mandrake Linux Security Advisory : mplayer (MDKSA-2004:157)
2004-12-23 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:19797
cvelist1cve1nvd1nessus1