mattmurphy

6 exploits Active since Oct 2002
CVE-2003-0332 EXPLOITDB text WRITEUP
BadBlue <2.2 - Auth Bypass
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.
CVE-2002-2403 EXPLOITDB perl WORKING POC
KEY Focus KF Web Server - Path Traversal
Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.
EIP-2026-110842 EXPLOITDB text WORKING POC
PHP-Nuke 5.x/6.0/6.5 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2002-1986 EXPLOITDB perl WORKING POC
Perception LiteServe <2.0.1 - Info Disclosure
Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot (".").
CVE-2002-0840 EXPLOITDB text WORKING POC
Apache HTTP Server - XSS
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
CVE-2002-2416 EXPLOITDB perl WORKING POC
Zeroo HTTP Server - Path Traversal
Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.