Lucene search
K

8 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

Microsoft IIS 4.0,Microsoft Site Server 3.0 Showcode ASP Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/167/info A sample Active Server Page ASP script installed by default on Microsoft's Internet Information Server IIS 4.0 gives remote users access to view any file on the same volume as the web server that is readable by t...

7.1AI score
Exploits0
CVE
CVE
added 2005/07/14 4:0 a.m.69 views

CVE-2002-2073

Cross-site scripting (XSS) vulnerability in Microsoft Site Server 3.0 for Windows NT 4.0 affects the default ASP page Default.asp (ctr parameter) and formslogin.asp (query string). The issue allows remote attackers to inject arbitrary web scripts or HTML. Root cause is insufficient sanitization o...

4.3CVSS5.7AI score0.12864EPSS
Exploits1References3Affected Software2
CVE
CVE
added 2005/06/21 4:0 a.m.92 views

CVE-2002-1769

Microsoft Site Server 3.0 before SP4 has a default LDAP_Anonymous user with password LdapPassword_1, enabling remote attackers to log on locally with the Log on locally privilege. The vulnerability arises from setting a default account/password that grants local access, as documented in CVE-2002-...

7.5CVSS6.7AI score0.11699EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2001/09/12 4:0 a.m.71 views

CVE-1999-1451

The CVE-1999-1451 entry concerns the Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0. The vulnerable component is Winmsdp.exe, enabling remote attackers to read arbitrary files. The provided documents do not specify the attack vector details beyond remote reading of files, nor do they name...

5CVSS7.1AI score0.17728EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2000/03/22 5:0 a.m.44 views

CVE-2000-0161

This CVE (CVE-2000-0161) arises from Microsoft Site Server 3.0 Commerce Edition failing to validate an identification number, enabling remote SQL command execution via input handling. The vulnerability affects the Site Server Commerce component where input is used in SQL queries without proper va...

7.5CVSS7.9AI score0.10069EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2000/03/22 5:0 a.m.70 views

CVE-2000-0025

The CVE-2000-0025 entry concerns IIS 4.0 and Site Server 3.0, where remote attackers can read ASP source code if the target file resides in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll (the so‑called Virtual Directory Naming vulnerability). The affecte...

5CVSS7.2AI score0.34852EPSS
Exploits0References3Affected Software3
Cvelist
Cvelist
added 2000/03/22 5:0 a.m.17 views

CVE-2000-0161

Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands...

7.5AI score0.10069EPSS
Exploits0References2
NVD
NVD
added 1999/12/21 5:0 a.m.17 views

CVE-2000-0025

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability...

5CVSS6.8AI score0.34852EPSS
Exploits0References3
Rows per page
Query Builder