8 matches found
Microsoft IIS 4.0,Microsoft Site Server 3.0 Showcode ASP Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/167/info A sample Active Server Page ASP script installed by default on Microsoft's Internet Information Server IIS 4.0 gives remote users access to view any file on the same volume as the web server that is readable by t...
CVE-2002-2073
Cross-site scripting (XSS) vulnerability in Microsoft Site Server 3.0 for Windows NT 4.0 affects the default ASP page Default.asp (ctr parameter) and formslogin.asp (query string). The issue allows remote attackers to inject arbitrary web scripts or HTML. Root cause is insufficient sanitization o...
CVE-2002-1769
Microsoft Site Server 3.0 before SP4 has a default LDAP_Anonymous user with password LdapPassword_1, enabling remote attackers to log on locally with the Log on locally privilege. The vulnerability arises from setting a default account/password that grants local access, as documented in CVE-2002-...
CVE-1999-1451
The CVE-1999-1451 entry concerns the Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0. The vulnerable component is Winmsdp.exe, enabling remote attackers to read arbitrary files. The provided documents do not specify the attack vector details beyond remote reading of files, nor do they name...
CVE-2000-0161
This CVE (CVE-2000-0161) arises from Microsoft Site Server 3.0 Commerce Edition failing to validate an identification number, enabling remote SQL command execution via input handling. The vulnerability affects the Site Server Commerce component where input is used in SQL queries without proper va...
CVE-2000-0025
The CVE-2000-0025 entry concerns IIS 4.0 and Site Server 3.0, where remote attackers can read ASP source code if the target file resides in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll (the so‑called Virtual Directory Naming vulnerability). The affecte...
CVE-2000-0161
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands...
CVE-2000-0025
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability...