CVSS: 7.5EPSS: 92%CPEs: 1EXPL: 4CVE-2003-0349 – Microsoft IIS - ISAPI 'nsiislog.dll' ISAPI POST Overflow (MS03-022)
https://notcve.org/view.php?id=CVE-2003-0349
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll. Desbordamiento de búfer en el componente de secuenciamiento (streaming) de medios para registrar peticiones de multidifusión en la librería ISAPI de la capacidad de registro (logging) de Microsoft Windows Media Services (nsiislog.dll), como el instalado en IIS 5.9, permite a atacantes remotos ejecutar código arbitrario mediante una petición POST larga a nsiislog.dll. • https://www.exploit-db.com/exploits/16355 https://www.exploit-db.com/exploits/48 https://www.exploit-db.com/exploits/22837 http://marc.info/?l=bugtraq&m=105665030925504&w=2 http://secunia.com/advisories/9115 http://securitytracker.com/id?1007059 http://www.kb.cert.org/vuls/id/113716 http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0306&L=NTBUGTRAQ&P=R4563 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-022 https://oval.cisec •
CVSS: 7.5EPSS: 15%CPEs: 10EXPL: 1CVE-2003-0469 – Microsoft Windows XP/2000/NT 4.0 - HTML Converter HR Align Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0469
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag. Desbordamiento de búfer en el Convertidor HTML (HTML32.cnv) de varios sistemas operativos Windows, permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario mediante una operación de cortar-y-pegar, como se ha demostrado en Internet Explorer 5.0 usando un arguemento "align" larga en una etiqueta HR. • https://www.exploit-db.com/exploits/22824 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006155.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006067.html http://marc.info/?l=bugtraq&m=105639925122961&w=2 http://www.cert.org/advisories/CA-2003-14.html http://www.kb.cert.org/vuls/id/823260 http://www.securityfocus.com/bid/8016 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-023 •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 3CVE-2003-0411 – Sun ONE Application Server 7.0 - Source Disclosure
https://notcve.org/view.php?id=CVE-2003-0411
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. Sun ONE Application Server 7.0 para Windows 2000/XP permite atacantes remotos obtener código fuente JSP mediante una petición que usa la extensíon ".JSP", con letras mayúsculas, en lugar de ".jsp", en minúsculas. • https://www.exploit-db.com/exploits/22664 http://marc.info/?l=bugtraq&m=105409846029475&w=2 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1 http://www.ciac.org/ciac/bulletins/n-103.shtml http://www.iss.net/security_center/static/12093.php http://www.securityfocus.com/bid/7709 http://www.spidynamics.com/sunone_alert.html • CWE-178: Improper Handling of Case Sensitivity •
CVSS: 5.0EPSS: 95%CPEs: 2EXPL: 1CVE-2003-0227 – Microsoft Windows Media Services - 'nsiislog.dll' Remote Overflow
https://notcve.org/view.php?id=CVE-2003-0227
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request. La librería nsisslog.dll de la extensión ISAPI de Microsoft Winodws Media Services en Windows NT 4.0 y 2000 permite que atacante remotos provoquen una denegación de servicio en el Internet Information Server (IIS) mediante una cierta petición de red. • https://www.exploit-db.com/exploits/56 http://marc.info/?l=bugtraq&m=105427615626177&w=2 http://marc.info/?l=ntbugtraq&m=105421127531558&w=2 http://marc.info/?l=ntbugtraq&m=105421176432011&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A936 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A966 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 45EXPL: 0CVE-2003-0112
https://notcve.org/view.php?id=CVE-2003-0112
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. Desbordamiento de búfer en el Kernel de Windows permite a usuarios locales ganar privilegios haciendo que ciertos mensajes de error sean pasados a un depurador. • http://www.kb.cert.org/vuls/id/446338 http://www.securityfocus.com/bid/7370 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/11803 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1264 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A142 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2022 https://oval •