CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2000-0411 – Matt Wright FormMail 1.6/1.7/1.8 - Environmental Variables Disclosure
https://notcve.org/view.php?id=CVE-2000-0411
10 May 2000 — Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter. • https://www.exploit-db.com/exploits/19906 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-1999-1051
https://notcve.org/view.php?id=CVE-1999-1051
16 Nov 1999 — Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter. • http://www.securityfocus.com/archive/1/34939 •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 4CVE-1999-1050 – Matt Wright - 'FormHandler.cgi' 2.0 Reply Attachment
https://notcve.org/view.php?id=CVE-1999-1050
12 Nov 1999 — Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying the filename as a template. • https://www.exploit-db.com/exploits/19620 •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 1CVE-1999-0953 – WWWBoard 2.0 - 'passwd.txt' Remote Password Disclosure
https://notcve.org/view.php?id=CVE-1999-0953
16 Sep 1999 — WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers. • https://www.exploit-db.com/exploits/3065 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-1999-0954
https://notcve.org/view.php?id=CVE-1999-0954
16 Sep 1999 — WWWBoard has a default username and default password. • http://www.securityfocus.com/bid/649 •
CVSS: 9.8EPSS: 89%CPEs: 2EXPL: 5CVE-1999-1053 – The Matt Wright Guestbook.pl - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-1999-1053
13 Sep 1999 — guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". • https://www.exploit-db.com/exploits/16914 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-1999-1377
https://notcve.org/view.php?id=CVE-1999-1377
09 Sep 1999 — Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. • http://pulhas.org/phrack/55/P55-07.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-1999-0930
https://notcve.org/view.php?id=CVE-1999-0930
03 Sep 1998 — wwwboard allows a remote attacker to delete message board articles via a malformed argument. • http://www.securityfocus.com/bid/1795 •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 1CVE-1999-1479 – textcounter.pl 1.2 - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-1999-1479
24 Jun 1998 — The textcounter.pl by Matt Wright allows remote attackers to execute arbitrary commands via shell metacharacters. • https://www.exploit-db.com/exploits/20583 •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-1999-0173 – Matt Wright FormMail 1.x - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-1999-0173
01 Jan 1997 — FormMail CGI program can be used by web servers other than the host server that the program resides on. • https://www.exploit-db.com/exploits/20486 •