Asp-Nuke: >> Asp-Nuke >> rc1 Security Vulnerabilities
default.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values.
CVSS Score
8.5
EPSS Score
0.053
Published
2007-03-07
Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag.
CVSS Score
7.5
EPSS Score
0.011
Published
2002-08-12
Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp.
CVSS Score
5.1
EPSS Score
0.012
Published
2002-08-12
ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie.
CVSS Score
7.5
EPSS Score
0.006
Published
2002-08-12
ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie.
CVSS Score
5.0
EPSS Score
0.02
Published
2002-08-12
ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message.
CVSS Score
5.0
EPSS Score
0.023
Published
2002-08-12