Lucene search
K
MicrosoftSite Server

16 matches found

CVE
CVE
added 2000/01/04 5:0 a.m.110 views

CVE-1999-0867

CVE-1999-0867 describes a denial of service affecting IIS 4.0 caused by a flood of HTTP requests with malformed headers. The available connected documents corroborate a remote DoS scenario, originating from malformed header handling in IIS 4.0. The core vulnerability is the server’s inability to ...

5CVSS6.5AI score0.21525EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.95 views

CVE-1999-0007

Technical details for CVE-1999-0007 are not publicly available in the provided documents. Monitor for updates from authoritative sources.

5CVSS7.4AI score0.07637EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.93 views

CVE-2002-1769

Microsoft Site Server 3.0 before SP4 has a default LDAP_Anonymous user with password LdapPassword_1, enabling remote attackers to log on locally with the Log on locally privilege. The vulnerability arises from setting a default account/password that grants local access, as documented in CVE-2002-...

7.5CVSS6.7AI score0.11699EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.91 views

CVE-2000-0246

The vulnerability CVE-2000-0246 affects Microsoft IIS 4.0/5.0 where ISAPI extension processing fails for a virtual directory mapped to a UNC share, enabling remote attackers to read ASP source and other files. OpenVAS/Nessus entries confirm ASP/HTR source disclosure via UNC-path access. No remedi...

5CVSS6.8AI score0.79976EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.80 views

CVE-1999-1011

CVE-1999-1011 affects the RDS DataFactory component of Microsoft MDAC used by IIS 3.x/4.x, enabling remote command execution via unsafe DataFactory methods in msadcs.dll. Public docs reference MS99-025 security bulletin and multiple advisories; exploit code and modules exist (e.g., Metasploit MSS...

10CVSS7.4AI score0.7714EPSS
Web
CVE
CVE
added 2001/09/12 4:0 a.m.71 views

CVE-1999-1451

The CVE-1999-1451 entry concerns the Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0. The vulnerable component is Winmsdp.exe, enabling remote attackers to read arbitrary files. The provided documents do not specify the attack vector details beyond remote reading of files, nor do they name...

5CVSS7.1AI score0.17728EPSS
CVE
CVE
added 2000/03/22 5:0 a.m.70 views

CVE-2000-0025

The CVE-2000-0025 entry concerns IIS 4.0 and Site Server 3.0, where remote attackers can read ASP source code if the target file resides in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll (the so‑called Virtual Directory Naming vulnerability). The affecte...

5CVSS7.2AI score0.34852EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.69 views

CVE-2002-2073

Cross-site scripting (XSS) vulnerability in Microsoft Site Server 3.0 for Windows NT 4.0 affects the default ASP page Default.asp (ctr parameter) and formslogin.asp (query string). The issue allows remote attackers to inject arbitrary web scripts or HTML. Root cause is insufficient sanitization o...

4.3CVSS5.7AI score0.12864EPSS
CVE
CVE
added 2000/04/25 4:0 a.m.61 views

CVE-2000-0024

CVE-2000-0024 affects Microsoft IIS. The vulnerability is caused by improper URL canonicalization, enabling remote attackers to bypass access controls in third-party software through escape characters. The provided documents identify the issue and its description, but do not include concrete reme...

6.4CVSS7.1AI score0.12223EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.57 views

CVE-1999-0861

CVE-1999-0861 describes a race condition in the SSL ISAPI filter used by IIS and other servers, which may leak information in plaintext. The connected materials reiterate the high-level description but do not specify affected products/versions, root cause details beyond “race condition,” or concr...

2.6CVSS6.7AI score0.03237EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.51 views

CVE-2002-2081

CVE-2002-2081 affects cphost.dll in Microsoft Site Server 3.0. A remote attacker can trigger a denial of service by sending an HTTP POST with a long TargetURL parameter, causing Site Server to abort and leaving the uploaded file in c:\temp. The available connected documents confirm the component ...

5CVSS6.9AI score0.13903EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.48 views

CVE-1999-1520

The CVE-1999-1520 issue is a configuration problem in the Ad Server Sample directory (AdSamples) of Microsoft Site Server 3.0. The root cause is misconfiguration that allows an attacker to obtain the SITE.CSC file, exposing sensitive SQL database information. Affected software: Microsoft Site Ser...

5CVSS7.2AI score0.10637EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.46 views

CVE-1999-0360

CVE-1999-0360 affects MS Site Server 2.0 on IIS 4, where the web server can accept uploaded content (including ASP), enabling remote command execution. A Nessus plugin notes a specific verifiable vector: the repost.asp script allows uploading arbitrary files to /Users when misconfigured. Root cau...

7.2CVSS7.1AI score0.05576EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.45 views

CVE-1999-0910

CVE-1999-0910 affects Microsoft Site Server and Commercial Internet System (MCIS). The issue is that cookies are not given an expiration, allowing proxies to cache them and potentially be reused by a different user. This could lead to cross-user cookie exposure and session confusion. The availabl...

5CVSS6.9AI score0.05777EPSS
CVE
CVE
added 2000/03/22 5:0 a.m.45 views

CVE-2000-0161

This CVE (CVE-2000-0161) arises from Microsoft Site Server 3.0 Commerce Edition failing to validate an identification number, enabling remote SQL command execution via input handling. The vulnerability affects the Site Server Commerce component where input is used in SQL queries without proper va...

7.5CVSS7.9AI score0.10069EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.44 views

CVE-1999-1246

The CVE-1999-1246 entry relates to Microsoft Site Server 3.0: the Direct Mailer feature stores user domain names and passwords in plaintext in the TMLBQueue share, which has insecure default permissions. This enables remote read of passwords and privilege escalation as described. The documents do...

7.5CVSS7AI score0.09207EPSS