16 matches found
CVE-1999-0867
CVE-1999-0867 describes a denial of service affecting IIS 4.0 caused by a flood of HTTP requests with malformed headers. The available connected documents corroborate a remote DoS scenario, originating from malformed header handling in IIS 4.0. The core vulnerability is the server’s inability to ...
CVE-1999-0007
Technical details for CVE-1999-0007 are not publicly available in the provided documents. Monitor for updates from authoritative sources.
CVE-2002-1769
Microsoft Site Server 3.0 before SP4 has a default LDAP_Anonymous user with password LdapPassword_1, enabling remote attackers to log on locally with the Log on locally privilege. The vulnerability arises from setting a default account/password that grants local access, as documented in CVE-2002-...
CVE-2000-0246
The vulnerability CVE-2000-0246 affects Microsoft IIS 4.0/5.0 where ISAPI extension processing fails for a virtual directory mapped to a UNC share, enabling remote attackers to read ASP source and other files. OpenVAS/Nessus entries confirm ASP/HTR source disclosure via UNC-path access. No remedi...
CVE-1999-1011
CVE-1999-1011 affects the RDS DataFactory component of Microsoft MDAC used by IIS 3.x/4.x, enabling remote command execution via unsafe DataFactory methods in msadcs.dll. Public docs reference MS99-025 security bulletin and multiple advisories; exploit code and modules exist (e.g., Metasploit MSS...
CVE-1999-1451
The CVE-1999-1451 entry concerns the Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0. The vulnerable component is Winmsdp.exe, enabling remote attackers to read arbitrary files. The provided documents do not specify the attack vector details beyond remote reading of files, nor do they name...
CVE-2000-0025
The CVE-2000-0025 entry concerns IIS 4.0 and Site Server 3.0, where remote attackers can read ASP source code if the target file resides in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll (the so‑called Virtual Directory Naming vulnerability). The affecte...
CVE-2002-2073
Cross-site scripting (XSS) vulnerability in Microsoft Site Server 3.0 for Windows NT 4.0 affects the default ASP page Default.asp (ctr parameter) and formslogin.asp (query string). The issue allows remote attackers to inject arbitrary web scripts or HTML. Root cause is insufficient sanitization o...
CVE-2000-0024
CVE-2000-0024 affects Microsoft IIS. The vulnerability is caused by improper URL canonicalization, enabling remote attackers to bypass access controls in third-party software through escape characters. The provided documents identify the issue and its description, but do not include concrete reme...
CVE-1999-0861
CVE-1999-0861 describes a race condition in the SSL ISAPI filter used by IIS and other servers, which may leak information in plaintext. The connected materials reiterate the high-level description but do not specify affected products/versions, root cause details beyond “race condition,” or concr...
CVE-2002-2081
CVE-2002-2081 affects cphost.dll in Microsoft Site Server 3.0. A remote attacker can trigger a denial of service by sending an HTTP POST with a long TargetURL parameter, causing Site Server to abort and leaving the uploaded file in c:\temp. The available connected documents confirm the component ...
CVE-1999-1520
The CVE-1999-1520 issue is a configuration problem in the Ad Server Sample directory (AdSamples) of Microsoft Site Server 3.0. The root cause is misconfiguration that allows an attacker to obtain the SITE.CSC file, exposing sensitive SQL database information. Affected software: Microsoft Site Ser...
CVE-1999-0360
CVE-1999-0360 affects MS Site Server 2.0 on IIS 4, where the web server can accept uploaded content (including ASP), enabling remote command execution. A Nessus plugin notes a specific verifiable vector: the repost.asp script allows uploading arbitrary files to /Users when misconfigured. Root cau...
CVE-1999-0910
CVE-1999-0910 affects Microsoft Site Server and Commercial Internet System (MCIS). The issue is that cookies are not given an expiration, allowing proxies to cache them and potentially be reused by a different user. This could lead to cross-user cookie exposure and session confusion. The availabl...
CVE-2000-0161
This CVE (CVE-2000-0161) arises from Microsoft Site Server 3.0 Commerce Edition failing to validate an identification number, enabling remote SQL command execution via input handling. The vulnerability affects the Site Server Commerce component where input is used in SQL queries without proper va...
CVE-1999-1246
The CVE-1999-1246 entry relates to Microsoft Site Server 3.0: the Direct Mailer feature stores user domain names and passwords in plaintext in the TMLBQueue share, which has insecure default permissions. This enables remote read of passwords and privilege escalation as described. The documents do...