35 matches found
CVE-1999-0910
Microsoft Site Server and Commercial Internet System MCIS do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user...
EUVD-2000-0160
Malware in sbrugna...
EUVD-1999-1227
Malware in sbrugna...
EUVD-2002-2052
Malware in sbrugna...
CVE-2002-2081
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service disk consumption via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp...
Microsoft Site Server 3.0 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3999/info Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition...
Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1811/info Microsoft Site Server is an intranet server designed for an NT Server with IIS. Site Server enables users to locate and view information stored in various locations through personalized web pages and emails. The...
Microsoft Site Server Commerce Edition 3.0 alpha AdSamples Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/256/info A vulnerability in Microsoft Site Server's Ad Server Sample directory allows the retrieval of a site's configuration file SITE.CSC which contains sensitive information pertaining to an SQL database. The AdSamples...
CVE-2002-2073
Cross-site scripting XSS vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the 1 ctr parameter in Default.asp and 2 the query string to formslogin.asp...
CVE-2002-2081
CVE-2002-2081 affects cphost.dll in Microsoft Site Server 3.0. A remote attacker can trigger a denial of service by sending an HTTP POST with a long TargetURL parameter, causing Site Server to abort and leaving the uploaded file in c:\temp. The available connected documents confirm the component ...
CVE-2002-2081
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service disk consumption via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp...
CVE-2002-2073
Cross-site scripting (XSS) vulnerability in Microsoft Site Server 3.0 for Windows NT 4.0 affects the default ASP page Default.asp (ctr parameter) and formslogin.asp (query string). The issue allows remote attackers to inject arbitrary web scripts or HTML. Root cause is insufficient sanitization o...
CVE-2002-1769
Microsoft Site Server 3.0 before SP4 has a default LDAP_Anonymous user with password LdapPassword_1, enabling remote attackers to log on locally with the Log on locally privilege. The vulnerability arises from setting a default account/password that grants local access, as documented in CVE-2002-...
CVE-2002-1769
Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAPAnonymous, with a default password of LdapPassword1, which allows remote attackers the "Log on locally" privilege...
CVE-1999-1520
A configuration problem in the Ad Server Sample directory AdSamples in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information...
CVE-1999-1520
The CVE-1999-1520 issue is a configuration problem in the Ad Server Sample directory (AdSamples) of Microsoft Site Server 3.0. The root cause is misconfiguration that allows an attacker to obtain the SITE.CSC file, exposing sensitive SQL database information. Affected software: Microsoft Site Ser...
CVE-2002-1769
Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAPAnonymous, with a default password of LdapPassword1, which allows remote attackers the "Log on locally" privilege...
CVE-2002-2073
Cross-site scripting XSS vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the 1 ctr parameter in Default.asp and 2 the query string to formslogin.asp...
CVE-2002-2081
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service disk consumption via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp...
Microsoft Site Server Multiple Script Information Disclosure
The remote web server seems to leak information when some pages are accessed using the account 'LDAPAnonymousUser' with the password 'LdapPassword1'. Pages which leak information include, but are not limited to : - /SiteServer/Admin/knowledge/persmbr/vs.asp -...