CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2003-0456
https://notcve.org/view.php?id=CVE-2003-0456
15 Jul 2003 — VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe. VisNetic WebSite 3.5 permite a atacantes remotos obtener la ruta completa del servidor mediante una petición conteniendo una carpeta que no existe, lo que filtra la ruta en un mensaje de error, como se demostró usando _vti_bin/fpcount.exe. • http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2002-2241
https://notcve.org/view.php?id=CVE-2002-2241
31 Dec 2002 — Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service (crash) via a long HTTP OPTIONS request. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0101.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2002-2246 – Deerfield VisNetic WebSite 3.5.13.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2246
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page. • https://www.exploit-db.com/exploits/22083 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •