RSS   Vulnerabilities for 'Sawmill'   RSS

2000-06-26
 
CVE-2000-0589

CWE-310
 
 
SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration.

 
 
CVE-2000-0588

CWE-200
 
 
SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands.

 

Copyright 2024, cxsecurity.com

 

Back to Top