CVE-2002-0524

The CVE-2002-0524 entry affects ASP-Nuke RC2 and earlier . The vulnerability arises from error messages that disclose the server’s absolute path when attackers trigger two conditions: (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments. This results...

CVE-2002-0523

ASP-Nuke RC2 and earlier are affected by an information disclosure vulnerability where an attacker can locally modify the user cookie and submit it to cause the server to reveal the list of currently logged-in users (or show the web root path in an error). Affected component: ASP-Nuke RC1–RC2 (co...

CVE-2002-0521

ASP-Nuke RC2 and earlier are affected by a cross-site scripting (XSS) vulnerability. The issue arises in multiple input points: downloads.asp (name parameter), Post.asp (message parameter), and profile.asp (web site URL), allowing remote attackers to execute script in a user’s browser and potenti...

CVE-2002-0522

ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie. The flaw is in how ASP-Nuke uses cookies for authentication, enabling cookie tampering to impersonate other users (including admin). Vendor patch status is not provided ...