3854 matches found
CVE-2002-0980
The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL...
CVE-2002-0654
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script child process cannot be invoked...
Aestiva HTMLOS 2.4 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5618/info Aestiva HTML/OS is a database engine and development suite for building websites and web-based software products. HTML/OS does not sufficiently sanitize metacharacters from error message output. In...
CVE-2002-1453
Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message...
CVE-2002-0483
index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname...
CVE-2002-0733
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message...
CVE-2002-0524
ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message...
CVE-2002-0463
home.php in ARSC Really Simple Chat 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsclanguage parameter, which leaks the pathname in an error message...
W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5447/info CERN httpd is a freely available HTTP server and HTTP proxy server available from the W3C. The httpd Proxy is vulnerable to a cross-site scripting attack. The condition is present because of the way URLs are displayed in error messages. It is...
BlueFace Falcon Web Server 2.0 - Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/5435/info Falcon Webserver does not sufficiently sanitize HTML tags from error message output. In particular, attackers may inject HTML into 301 and 404 error pages. It is possible to...
CVE-2002-0445
article.php in PHP FirstPost 0.1 allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message...
CVE-2002-0408
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message...
Login errors in 1.3
When logging in as our special user who is restricted to one certain project, I get this error message from secure/Dashboard.jspa: java.lang.IllegalArgumentException: Source may not be null at webwork.util.SubsetIteratorFilter.setSource(SubsetIteratorFilter.java:33) at...
CVE-2002-0107
Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message...
CVE-2002-0576
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message...
CVE-2002-0596
WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to getodtoc.pl with an empty Profile parameter, which leaks the pathname in an error message...