Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method.
Max CVSS
7.8
EPSS Score
0.13%
Published
2002-12-31
Updated
2008-09-05
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.
Max CVSS
6.4
EPSS Score
0.34%
Published
2002-08-12
Updated
2020-12-09
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
Max CVSS
6.4
EPSS Score
1.99%
Published
2002-12-31
Updated
2008-09-05
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.
Max CVSS
5.0
EPSS Score
3.30%
Published
2002-05-29
Updated
2021-07-23
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server.
Max CVSS
5.0
EPSS Score
2.44%
Published
2002-08-12
Updated
2020-11-23
WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message.
Max CVSS
5.0
EPSS Score
0.31%
Published
2002-06-18
Updated
2010-01-16
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
Max CVSS
5.0
EPSS Score
75.35%
Published
2002-12-11
Updated
2021-07-23
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf.
Max CVSS
5.0
EPSS Score
1.02%
Published
2002-12-31
Updated
2020-12-09
Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences.
Max CVSS
5.0
EPSS Score
0.47%
Published
2002-12-31
Updated
2020-12-09
Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message.
Max CVSS
5.0
EPSS Score
0.39%
Published
2002-12-31
Updated
2017-07-29
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message.
Max CVSS
5.0
EPSS Score
1.13%
Published
2002-12-31
Updated
2017-07-29
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.
Max CVSS
5.0
EPSS Score
0.94%
Published
2002-12-31
Updated
2017-07-29
Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.
Max CVSS
5.0
EPSS Score
0.20%
Published
2002-12-31
Updated
2016-10-18
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
Max CVSS
5.0
EPSS Score
0.20%
Published
2002-12-31
Updated
2008-09-05
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.
Max CVSS
5.0
EPSS Score
0.70%
Published
2002-12-31
Updated
2008-09-05
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL.
Max CVSS
5.0
EPSS Score
0.22%
Published
2002-12-31
Updated
2008-09-05
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
Max CVSS
5.0
EPSS Score
0.29%
Published
2002-12-31
Updated
2008-09-05
Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.
Max CVSS
3.5
EPSS Score
0.12%
Published
2002-12-31
Updated
2008-09-05

CVE-2002-0422

Public exploit
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
Max CVSS
2.6
EPSS Score
1.55%
Published
2002-08-12
Updated
2020-11-23
19 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!