CVSS: 5.3EPSS: 2%CPEs: 37EXPL: 3CVE-2003-0001 – Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
https://notcve.org/view.php?id=CVE-2003-0001
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. Múltiples controladores de dispositivo (device drivers) de Tarjetas de Interfaz de Red (Network Interface Card - NIC) Ethernet no rellenan las tramas con bytes nulos, lo que permite a atacantes remotos obtener información de paquetes anteriores o memoria del kernel usando paquetes malformados, como ha sido demostrado por Etherleak. • https://www.exploit-db.com/exploits/22131 https://www.exploit-db.com/exploits/26076 https://www.exploit-db.com/exploits/3555 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html http://marc.info/?l=bugtraq&m=104222046632243&w=2 http://secunia.com/advisories/7996 http://www.atstake.com/research/advisories/2003/a010603-1.txt http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf http://www.kb.cert.org/vuls/id/412115 http://www.ora • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.6EPSS: 0%CPEs: 37EXPL: 0CVE-2002-2401
https://notcve.org/view.php?id=CVE-2002-2401
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs. NT Virtual DOS Machine (NTVDM.EXE) en Windows 2000, NT y XP no verifica los permisos de ejecución del usuario para archivos ejecutables de 16 bits, lo que permite a los usuarios locales pasar por alto el cargador y ejecutar programas arbitrarios. • http://archives.neohapsis.com/archives/bugtraq/2002-09/0211.html http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3B319458 http://www.abtrusion.com/msexe16.asp http://www.iss.net/security_center/static/10132.php http://www.securityfocus.com/bid/5740 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 1CVE-2002-1700 – ColdFusion MX - Missing Template Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1700
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. • https://www.exploit-db.com/exploits/21548 http://online.securityfocus.com/archive/1/277487 http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047 http://www.securityfocus.com/bid/5011 https://exchange.xforce.ibmcloud.com/vulnerabilities/9360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2002-2077
https://notcve.org/view.php?id=CVE-2002-2077
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session. El cliente DCOM en Windows 2000 anterior al SP3 no borra la memoria correctamente antes de enviar una solicitud de "alterar contexto", lo que puede permitir a los atacantes remotos obtener información sensible mediante el sniffing de la sesión. • http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq300367 http://www.bindview.com/Services/razor/Advisories/2002/adv_dcom.cfm http://www.iss.net/security_center/static/8739.php http://www.securityfocus.com/bid/4410 •
CVSS: 5.0EPSS: 7%CPEs: 26EXPL: 3CVE-2002-1712 – Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service
https://notcve.org/view.php?id=CVE-2002-1712
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3. • https://www.exploit-db.com/exploits/21246 https://www.exploit-db.com/exploits/21245 http://online.securityfocus.com/archive/1/252616 http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq280446 http://www.securityfocus.com/bid/3967 https://exchange.xforce.ibmcloud.com/vulnerabilities/8037 •