Lucene search
+L

4 matches found

CVE
CVE
added 2005/07/14 4:0 a.m.71 views

CVE-2002-2073

Cross-site scripting (XSS) vulnerability in Microsoft Site Server 3.0 for Windows NT 4.0 affects the default ASP page Default.asp (ctr parameter) and formslogin.asp (query string). The issue allows remote attackers to inject arbitrary web scripts or HTML. Root cause is insufficient sanitization o...

4.3CVSS5.7AI score0.12864EPSS
Exploits1References3Affected Software2
CVE
CVE
added 2005/06/21 4:0 a.m.93 views

CVE-2002-1769

Microsoft Site Server 3.0 before SP4 has a default LDAP_Anonymous user with password LdapPassword_1, enabling remote attackers to log on locally with the Log on locally privilege. The vulnerability arises from setting a default account/password that grants local access, as documented in CVE-2002-...

7.5CVSS6.7AI score0.11699EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2000/03/22 5:0 a.m.46 views

CVE-2000-0161

This CVE (CVE-2000-0161) arises from Microsoft Site Server 3.0 Commerce Edition failing to validate an identification number, enabling remote SQL command execution via input handling. The vulnerability affects the Site Server Commerce component where input is used in SQL queries without proper va...

7.5CVSS7.9AI score0.10069EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2000/03/22 5:0 a.m.19 views

CVE-2000-0161

Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands...

7.5AI score0.10069EPSS
Exploits0References2
Rows per page
Query Builder