CVE-2002-0075
https://notcve.org/view.php?id=CVE-2002-0075
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. Vulnerabilidad de secuencias de comandos en sitios cruzados (Cross-site scripting) en Internet Information Server 4.0, 5.0 y 5.1 permite a atacantes remotos ejecutar scripts arbitrarios como otros usuarios del web mediante el mensaje de error usado en una redirección de URL. • http://marc.info/?l=bugtraq&m=101854677802990&w=2 http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8804.php http://www.kb.cert.org/vuls/id/520707 http://www.osvdb.org/3341 http://www.securityfocus.com/bid/4487 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018 https://oval.cisecurity.org/repository/search/definition •
CVE-2002-0074
https://notcve.org/view.php?id=CVE-2002-0074
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. Vulnerabilidad de secuencias de comandos en sitios cruzados (Cross-site scripting) en el fichero de Ayuda del Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos insertar código en otra sesión de usuario. • http://seclists.org/bugtraq/2002/Apr/0126.html http://www.cert.org/advisories/CA-2002-09.html http://www.cgisecurity.com/advisory/9.txt http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8802.php http://www.kb.cert.org/vuls/id/883091 http://www.osvdb.org/3338 http://www.securityfocus.com/bid/4483 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018 https://o •
CVE-2002-0071
https://notcve.org/view.php?id=CVE-2002-0071
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. Desbordamiento de buffer la extensión ISAPI ism.dll que implementa los scripts HTR en MS Internet Information Server (IIS) 4.0 y 5.0 permite a atacantes causar una denegación de servido o ejecutar código arbitrario mediante peticiones HTR con nombres de variables largos. • http://marc.info/?l=bugtraq&m=101854087828265&w=2 http://www.atstake.com/research/advisories/2002/a041002-1.txt http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8799.php http://www.kb.cert.org/vuls/id/363715 http://www.osvdb.org/3325 http://www.securityfocus.com/bid/4474 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002 •
CVE-2002-0149
https://notcve.org/view.php?id=CVE-2002-0149
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. Desbordamiento de buffer en las funciones de inclusión de ficheros en el servidor (server-side include) de ASP en IIS 4.0, 5.0 y 5.1 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante nombres de fichero largos. • http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8798.php http://www.kb.cert.org/vuls/id/721963 http://www.osvdb.org/3320 http://www.securityfocus.com/bid/4478 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A132 https://oval.cisecurity •
CVE-2002-0148 – Microsoft IIS 4.0/5.0 - HTTP Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0148
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. Vulnerabildad de secuencias de comandos en sitios cruzados (cross-site scripting) en Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos ejecutar código arbitrario como otros usuarios mediatne una página de error HTTP. • https://www.exploit-db.com/exploits/21372 http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8803.php http://www.kb.cert.org/vuls/id/886699 http://www.osvdb.org/3339 http://www.securityfocus.com/bid/4486 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg •