Lucene search
K
MicrosoftSite Server Commerce

8 matches found

CVE
CVE
added 2005/06/21 4:0 a.m.93 views

CVE-2002-1769

Microsoft Site Server 3.0 before SP4 has a default LDAP_Anonymous user with password LdapPassword_1, enabling remote attackers to log on locally with the Log on locally privilege. The vulnerability arises from setting a default account/password that grants local access, as documented in CVE-2002-...

7.5CVSS6.7AI score0.11699EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.92 views

CVE-2000-0246

The vulnerability CVE-2000-0246 affects Microsoft IIS 4.0/5.0 where ISAPI extension processing fails for a virtual directory mapped to a UNC share, enabling remote attackers to read ASP source and other files. OpenVAS/Nessus entries confirm ASP/HTR source disclosure via UNC-path access. No remedi...

5CVSS6.8AI score0.79976EPSS
CVE
CVE
added 2000/03/22 5:0 a.m.70 views

CVE-2000-0025

The CVE-2000-0025 entry concerns IIS 4.0 and Site Server 3.0, where remote attackers can read ASP source code if the target file resides in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll (the so‑called Virtual Directory Naming vulnerability). The affecte...

5CVSS7.2AI score0.34852EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.69 views

CVE-2002-2073

Cross-site scripting (XSS) vulnerability in Microsoft Site Server 3.0 for Windows NT 4.0 affects the default ASP page Default.asp (ctr parameter) and formslogin.asp (query string). The issue allows remote attackers to inject arbitrary web scripts or HTML. Root cause is insufficient sanitization o...

4.3CVSS5.7AI score0.12864EPSS
CVE
CVE
added 2000/04/25 4:0 a.m.61 views

CVE-2000-0024

CVE-2000-0024 affects Microsoft IIS. The vulnerability is caused by improper URL canonicalization, enabling remote attackers to bypass access controls in third-party software through escape characters. The provided documents identify the issue and its description, but do not include concrete reme...

6.4CVSS7.1AI score0.12223EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.57 views

CVE-1999-0861

CVE-1999-0861 describes a race condition in the SSL ISAPI filter used by IIS and other servers, which may leak information in plaintext. The connected materials reiterate the high-level description but do not specify affected products/versions, root cause details beyond “race condition,” or concr...

2.6CVSS6.7AI score0.03237EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.51 views

CVE-2002-2081

CVE-2002-2081 affects cphost.dll in Microsoft Site Server 3.0. A remote attacker can trigger a denial of service by sending an HTTP POST with a long TargetURL parameter, causing Site Server to abort and leaving the uploaded file in c:\temp. The available connected documents confirm the component ...

5CVSS6.9AI score0.13903EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.45 views

CVE-1999-0910

CVE-1999-0910 affects Microsoft Site Server and Commercial Internet System (MCIS). The issue is that cookies are not given an expiration, allowing proxies to cache them and potentially be reused by a different user. This could lead to cross-user cookie exposure and session confusion. The availabl...

5CVSS6.9AI score0.05777EPSS