Frontpage Security Vulnerabilities and Issues — Frontpage CVE List

Lucene search

MicrosoftFrontpage

11 matches found

CVE•added 2000/06/15 4:0 a.m.•125 views

CVE-2000-0413

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.

5CVSS6.4AI score0.59392EPSS

CVE•added 2000/10/20 4:0 a.m.•105 views

CVE-2000-0709

The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.

5CVSS6.5AI score0.28943EPSS

CVE•added 2000/10/20 4:0 a.m.•61 views

CVE-2000-0710

The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.

5CVSS6.7AI score0.55141EPSS

CVE•added 2000/02/23 5:0 a.m.•55 views

CVE-2000-0153

FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack.

5CVSS6.9AI score0.32532EPSS

CVE•added 1999/09/29 4:0 a.m.•51 views

CVE-1999-0386

Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.

5CVSS6.4AI score0.72573EPSS

CVE•added 2001/09/12 4:0 a.m.•49 views

CVE-1999-1016

Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a tab...

5CVSS7.4AI score0.08651EPSS

CVE•added 2001/05/07 4:0 a.m.•45 views

CVE-1999-0681

Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.

5CVSS7.3AI score0.10235EPSS

CVE•added 2000/02/08 5:0 a.m.•44 views

CVE-2000-0122

Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program.

5CVSS6.8AI score0.40318EPSS

CVE•added 2005/07/10 4:0 a.m.•44 views

CVE-2004-2179

asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.

5CVSS6.9AI score0.12358EPSS

CVE•added 2005/07/05 4:0 a.m.•43 views

CVE-2005-2143

Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page.

5CVSS6.7AI score0.1028EPSS

CVE•added 2001/09/12 4:0 a.m.•37 views

CVE-1999-1052

Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users.

5CVSS6.6AI score0.42184EPSS