mattmurphy

6 exploits, active since Oct 2002
CVE-2003-0332 EXPLOITDB text WRITEUP
BadBlue < 2.2 - Unauthenticated Authentication Bypass via .ats Extension
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.
CVE-2002-2403 EXPLOITDB perl WORKING POC
KeyFocus kf_web_server 1.0.8 - Path Traversal via Multiple Dot Sequences
Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.
EIP-2026-110842 EXPLOITDB text WORKING POC
PHP-Nuke 5.x/6.0/6.5 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2002-1986 EXPLOITDB perl WORKING POC
Perception LiteServe < 2.0.1 - Info Disclosure
Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot (".").
CVE-2002-0840 EXPLOITDB text WORKING POC
Apache HTTP Server < 2.0.43 and 1.3.x <= 1.3.26 - Cross-Site Scripting via Host Header
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
CVE-2002-2416 EXPLOITDB perl WORKING POC
Zeroo http_server 1.5 - Path Traversal via URL GET Request
Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.