13 matches found
CVE-2000-0413
The vulnerability CVE-2000-0413 affects the FrontPage Server Extensions shtml.exe component in IIS 4.0/5.0. A remote attacker can trigger an error by requesting a non-existent HTML/HTM/ASP/SHTML file, causing the server to reveal the local absolute path of the web root in the error message. This ...
CVE-2000-0709
The CVE-2000-0709 issue affects Microsoft FrontPage 2000 Server Extensions 1.1, specifically the shtml.exe component. A remote attacker can trigger a denial-of-service condition by requesting a URL whose path includes a standard DOS device name, leading to partial availability impact as described...
CVE-1999-0012
CVE-1999-0012 affects some Microsoft Windows-based web servers where remote attackers can bypass file access restrictions for files with long file names. The connected documents confirm the vulnerability description but do not provide concrete product versions, fixed versions, or remediation step...
CVE-2000-0153
The CVE-2000-0153 entry concerns FrontPage Personal Web Server (PWS). It describes a path traversal vulnerability (dot-dot attack) that allows remote attackers to read files, resulting in partial confidentiality impact. The available connected records confirm the affected product and the basic im...
CVE-2000-0746
The CVE-2000-0746 entry concerns a Microsoft IIS XSS vulnerability affecting IIS 4.0 and 5.0. The issue arises from improper handling of unquoted script content in links returned within error messages, allowing a malicious site to craft a link that executes scripts in the context of a trusted sit...
CVE-2000-0256
The CVE-2000-0256 entry describes buffer overflows in FrontPage 97/98 Server Extensions, specifically htimage.exe (and Imagemap.exe) that allow a remote attacker to perform actions beyond the web site’s scope. A concrete exploit path is documented for htimage.exe via /cgi-bin/htimage.exe/AAAA[......
CVE-2000-0710
Affected product/component: Microsoft FrontPage 2000 Server Extensions 1.1, shtml.exe. Vulnerability: Remote attackers can determine the physical path of server components by requesting an invalid URL whose name includes a standard DOS device name. Impact: Information disclosure (partial). Root c...
CVE-1999-1016
CVE-1999-1016 concerns the Microsoft HTML control used in Internet Explorer 5.0, FrontPage Express, Outlook Express 5, and Eudora. The vulnerability allows a remote attacker (via a malicious web site or HTML email) to trigger a denial of service by crafting large HTML form fields (e.g., text inpu...
CVE-1999-0386
CVE-1999-0386 affects Microsoft Personal Web Server and FrontPage Personal Web Server on Windows. Connected sources confirm a remote attacker can read server files via a nonstandard URL, with additional evidence describing a traversal-like vector using multiple dot characters (e.g., dot-dot-dot s...
CVE-2000-0260
The CVE-2000-0260 issue is a buffer overflow in the dvwssr.dll used by Microsoft FrontPage 98 Server Extensions for IIS, exposed via InterDev 1.0 and related IIS packages. The Core Advisory CORE-041200 documents a remotely exploitable boundary error in dvwssr.dll (FrontPage 98 extensions) that ca...
CVE-2005-2143
CVE-2005-2143 affects Microsoft Front Page; a crafted style tag in a web page can cause the application to crash (denial of service). The connected records reiterate the DoS impact but do not provide concrete exploit details, versions, or remediation steps. No explicit exploitation vectors or fix...
CVE-2007-3109
The CVE-2007-3109 description in the connected documents identifies the CERN Image Map Dispatcher (htimage.exe) used by Microsoft FrontPage as the affected component. The vulnerability allows remote attackers to determine the existence and potentially partial contents of arbitrary files under the...
CVE-1999-1052
Microsoft FrontPage stores form results in a default location under /_private/form_results.txt, which is world-readable and accessible from the document root. This allows remote attackers to read possibly sensitive information submitted by other users. The available connected records confirm the ...