Page 56 of 317 results (0.005 seconds)

CVSS: 7.5EPSS: 78%CPEs: 34EXPL: 1

CVE-2002-0656 – Apache mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow

https://notcve.org/view.php?id=CVE-2002-0656

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. Desbordamiento de búfer en OpenSSL 0.9.6d y anteriores, y 0.9.7-beta2 y anteriores, permite a atacantes remotos ejecutar código arbitrario mediante una clave maestra de cliente larga en SSL2 o un ID de sesión largo en SSL3 • https://www.exploit-db.com/exploits/40347 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513 http://www.cert.org/advisories/CA-2002-23.html http://www.iss.net/security_center/static/9714.php http://www.iss.net/security_center/static/9716.php •

CVSS: 7.5EPSS: 75%CPEs: 3EXPL: 3

CVE-2002-0392 – Apache 1.x/2.0.x - Chunked-Encoding Memory Corruption

https://notcve.org/view.php?id=CVE-2002-0392

Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. • https://www.exploit-db.com/exploits/21560 https://www.exploit-db.com/exploits/21559 https://www.exploit-db.com/exploits/16782 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32 ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31 ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I http://archives. •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2002-1592

https://notcve.org/view.php?id=CVE-2002-1592

The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information. • http://www.apache.org/dist/httpd/CHANGES_2.0 http://www.iss.net/security_center/static/9623.php http://www.kb.cert.org/vuls/id/165803 http://www.securityfocus.com/bid/5256 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.or •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2002-0240

https://notcve.org/view.php?id=CVE-2002-0240

PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. PHP, cuando se instala con Apache y se configura para buscar index.php como la página web por defecto, permite a los atacantes remotos que obtengan el path completo del servidor por medio del método HTTP OPTIONS, lo cual revelará el nombre del path en el mensaje de error correspondiente. • http://marc.info/?l=bugtraq&m=101311746611160&w=2 http://www.iss.net/security_center/static/8119.php http://www.securityfocus.com/bid/4057 •

CVSS: 7.5EPSS: 5%CPEs: 6EXPL: 0

CVE-2002-0257

https://notcve.org/view.php?id=CVE-2002-0257

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. Vulnerabilidad de comandos en sitios cruzados en auction.pl de MakeBid Auction Deluxe 3.30 permite que atacantes remotos obtengan información de otros usuarios por medio de los campos de formulario (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, o (13) PHONE4. • http://marc.info/?l=bugtraq&m=101328880521775&w=2 http://www.iss.net/security_center/static/8161.php http://www.netcreations.addr.com/dcforum/DCForumID2/126.html http://www.securityfocus.com/bid/4069 •