CVSS: 7.5EPSS: 96%CPEs: 12EXPL: 1CVE-2002-0661 – Apache 2.0 - Encoded Backslash Directory Traversal
https://notcve.org/view.php?id=CVE-2002-0661
Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters. • https://www.exploit-db.com/exploits/21697 http://httpd.apache.org/info/security_bulletin_20020908a.txt http://marc.info/?l=bugtraq&m=102892744011436&w=2 http://marc.info/?l=bugtraq&m=102951160411052&w=2 http://www.iss.net/security_center/static/9808.php http://www.securityfocus.com/bid/5434 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs •
CVSS: 7.5EPSS: 75%CPEs: 3EXPL: 3CVE-2002-0392 – Apache 1.x/2.0.x - Chunked-Encoding Memory Corruption
https://notcve.org/view.php?id=CVE-2002-0392
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. • https://www.exploit-db.com/exploits/21560 https://www.exploit-db.com/exploits/21559 https://www.exploit-db.com/exploits/16782 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32 ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31 ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I http://archives. •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2002-1592
https://notcve.org/view.php?id=CVE-2002-1592
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information. • http://www.apache.org/dist/httpd/CHANGES_2.0 http://www.iss.net/security_center/static/9623.php http://www.kb.cert.org/vuls/id/165803 http://www.securityfocus.com/bid/5256 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.or •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0240
https://notcve.org/view.php?id=CVE-2002-0240
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. PHP, cuando se instala con Apache y se configura para buscar index.php como la página web por defecto, permite a los atacantes remotos que obtengan el path completo del servidor por medio del método HTTP OPTIONS, lo cual revelará el nombre del path en el mensaje de error correspondiente. • http://marc.info/?l=bugtraq&m=101311746611160&w=2 http://www.iss.net/security_center/static/8119.php http://www.securityfocus.com/bid/4057 •
CVSS: 7.5EPSS: 5%CPEs: 6EXPL: 0CVE-2002-0257
https://notcve.org/view.php?id=CVE-2002-0257
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. Vulnerabilidad de comandos en sitios cruzados en auction.pl de MakeBid Auction Deluxe 3.30 permite que atacantes remotos obtengan información de otros usuarios por medio de los campos de formulario (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, o (13) PHONE4. • http://marc.info/?l=bugtraq&m=101328880521775&w=2 http://www.iss.net/security_center/static/8161.php http://www.netcreations.addr.com/dcforum/DCForumID2/126.html http://www.securityfocus.com/bid/4069 •