CVSS: 6.1EPSS: 17%CPEs: 3EXPL: 1CVE-2002-1700 – ColdFusion MX - Missing Template Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1700
31 Dec 2002 — Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. • https://www.exploit-db.com/exploits/21548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 13%CPEs: 1EXPL: 0CVE-2002-1745
https://notcve.org/view.php?id=CVE-2002-1745
31 Dec 2002 — Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files. • http://online.securityfocus.com/archive/1/268303 • CWE-193: Off-by-one Error •
CVSS: 5.0EPSS: 19%CPEs: 5EXPL: 2CVE-2002-1790 – Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address (MS99-027)
https://notcve.org/view.php?id=CVE-2002-1790
31 Dec 2002 — The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. • https://www.exploit-db.com/exploits/21613 •
CVSS: 7.5EPSS: 14%CPEs: 1EXPL: 1CVE-2002-1908
https://notcve.org/view.php?id=CVE-2002-1908
31 Dec 2002 — Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters. • http://www.iss.net/security_center/static/10370.php •
CVSS: 5.3EPSS: 67%CPEs: 1EXPL: 2CVE-2002-1744 – Microsoft IIS 5.0 - 'CodeBrws.asp' Source Code Disclosure
https://notcve.org/view.php?id=CVE-2002-1744
31 Dec 2002 — Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot). • https://www.exploit-db.com/exploits/21385 •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2002-1180
https://notcve.org/view.php?id=CVE-2002-1180
12 Nov 2002 — A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." Un error tipográfico en los permisos de acceso a fuentes de scripts en Internet Information Server (IIS) 5.0 no excluye adecuadamente ficheros .COM, lo que permite a atacantes con sólo permisos de escritura cargar ficheros .COM, también conocida... • http://www.ciac.org/ciac/bulletins/n-011.shtml •
CVSS: 7.5EPSS: 31%CPEs: 1EXPL: 0CVE-2002-1182
https://notcve.org/view.php?id=CVE-2002-1182
12 Nov 2002 — IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. IIS 5.0 Y 5.1 permiten a atacantes remotso causar una denegación de servicio (caída) mediante peticiones WebDAV malformadas que hacen que sea asignada mucha memoria. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.html •
CVSS: 9.8EPSS: 27%CPEs: 2EXPL: 0CVE-2002-0869
https://notcve.org/view.php?id=CVE-2002-0869
02 Nov 2002 — Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." Vulnerabilidad desconocida en el proceso de anfitrión (dllhost.exe) en Microsoft Internet Information Server (IIS) 4.0 a 5.1 permite a atacantes remotos ganar privilegios ejecutando una aplicación fuera de proceso que adqui... • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html •
CVSS: 6.8EPSS: 10%CPEs: 2EXPL: 0CVE-2002-1181
https://notcve.org/view.php?id=CVE-2002-1181
02 Nov 2002 — Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. Múltiples vulnerabilidades de scripting en sitios cruzados (XSS) en las páginas web de administració de Microsoft Internet Information Server (IIS) 4.0 a 5.1 permite a atacantes remotos ejecut... • http://marc.info/?l=bugtraq&m=103651224215736&w=2 •
CVSS: 9.8EPSS: 65%CPEs: 2EXPL: 0CVE-2002-0364
https://notcve.org/view.php?id=CVE-2002-0364
03 Jul 2002 — Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html •