This page lists publicly disclosed CVE vulnerabilities affecting cgi_script_center auction_weaver (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2000-0811 | Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields. | [email protected] | 5.0 | 1.56% | 2000-12-19 | 2026-06-16 |
| CVE-2000-0810 | Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack. | [email protected] | 7.5 | 1.61% | 2000-12-19 | 2026-06-16 |
| CVE-2000-0690 | Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter. | [email protected] | 10.0 | 10.51% | 2000-10-20 | 2026-06-16 |
| CVE-2000-0687 | Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter. | [email protected] | 10.0 | 2.51% | 2000-10-20 | 2026-06-16 |
| CVE-2000-0686 | Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter. | [email protected] | 5.0 | 1.45% | 2000-10-20 | 2026-06-16 |