MS12-027: Description of the security update for Microsoft Commerce Server 2007 Service Pack 2: April 10, 2012

Describes the security update for Microsoft Commerce Server 2007 that was released on April 10, 2012.INTRODUCTIONMicrosoft has released security bulletin MS12-027. To view the complete security bulletin, visit one of the following Microsoft websites: Home...

Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)

This host is missing a critical security update according to Microsoft Bulletin MS12-060. OpenVAS Vulnerability Test $Id: secpodms12-060.nasl 5912 2017-04-10 09:01:51Z teissa $ Microsoft Windows Common Controls Remote Code Execution Vulnerability 2720573 Authors: Veerendra G G Copyright: Copyrigh...

Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258)

This host is missing a critical security update according to Microsoft Bulletin MS12-027. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MS12-027: Description of the security update for Microsoft Commerce Server 2009: April 10, 2012

Describes the security update for Microsoft Commerce Server 2009 that was released on April 10, 2012.INTRODUCTIONMicrosoft has released security bulletin MS12-027. To view the complete security bulletin, visit one of the following Microsoft websites: Home...

Microsoft Office Web Component Memory Access Violation Denial of Service Vulnera

Microsoft Office Web组件一款基与Web的数据透视表控件。 Microsoft Office Web包含的ActiveX控件存在设计错误，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 构建恶意的EWB页，诱使用户访问，可导致对应用程序进行拒绝服务攻击。 Microsoft Office Web Components 2003 0 + Microsoft BizTalk Server 2002 Developer Edition + Microsoft BizTalk Server 2002 Enterprise Edition + Microsoft Commer...

Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass

The version of Microsoft Commerce Server 2002 installed on the remote host may enable an attacker to bypass authentication if the sample files from the 'AuthFiles' folder are installed under the web server's document root. Note that successful exploitation of this issue requires knowledge of the...

Authentication flaw

The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice...

CVE-2006-1257

The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice...

CVE-2006-1257

The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice...

Microsoft Commerce Server 2002: Logon as known user with a false password

Microsoft Commerce Server 2002: Logon as known user with a false password Vulnerable: Microsoft Windows Server 2000/2003 + Internet Information Server 5/6 + Commerce Server 2002 Discussion: Microsoft Commerce Server is used by company's who want to give customers the opportunity to change there o...

Microsoft Commerce Server authentication bypass

It's possible to login with known username without password. Fixed with Service Pack 2...

CVE-2002-0621

Buffer overflow in the Office Web Components OWC package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer...

CVE-2002-0621

CVE-2002-0621 involves a buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000. The underlying cause is a vulnerable installer routine that can be triggered by specific input to the OWC package installer, allowing a remote attacker to cause th...

CVE-2002-0622

The CVE-2002-0622 entry concerns the Office Web Components (OWC) package installer used with Microsoft Commerce Server 2000. The vulnerability allows remote attackers to execute commands by providing input to the OWC package installer (Command Execution via installer input). This is described as ...

CVE-2002-0623

The CVE-2002-0623 entry describes a buffer overflow in the AuthFilter ISAPI filter of Microsoft Commerce Server 2000 and 2002. The vulnerability allows remote attackers to execute arbitrary code by sending long authentication data. Connected documents confirm the affected product and component, a...

CVE-2002-0623

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun"...

CVE-2002-0622

The Office Web Components OWC package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution"...

Multiple buffer overflows in Microsoft Commerce Server

Buffer overflows in Profile Service...

Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)

NGSSoftware Insight Security Research Advisory Name: Microsoft Commerce Server 2000 & Commerce Server 2002 Systems Affected: WinNT, Win2K, XP Severity: High Risk Category: Buffer Overrun & Command Execution Vendor URL: http://www.microsoft.com/ Authors: Mark Litchfield [email protected] & Davi...

CVE-2002-0621

Buffer overflow in the Office Web Components OWC package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer...