8 matches found
CVE-2002-1769
Microsoft Site Server 3.0 before SP4 has a default LDAP_Anonymous user with password LdapPassword_1, enabling remote attackers to log on locally with the Log on locally privilege. The vulnerability arises from setting a default account/password that grants local access, as documented in CVE-2002-...
CVE-2000-0246
The vulnerability CVE-2000-0246 affects Microsoft IIS 4.0/5.0 where ISAPI extension processing fails for a virtual directory mapped to a UNC share, enabling remote attackers to read ASP source and other files. OpenVAS/Nessus entries confirm ASP/HTR source disclosure via UNC-path access. No remedi...
CVE-2000-0025
The CVE-2000-0025 entry concerns IIS 4.0 and Site Server 3.0, where remote attackers can read ASP source code if the target file resides in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll (the so‑called Virtual Directory Naming vulnerability). The affecte...
CVE-2002-2073
Cross-site scripting (XSS) vulnerability in Microsoft Site Server 3.0 for Windows NT 4.0 affects the default ASP page Default.asp (ctr parameter) and formslogin.asp (query string). The issue allows remote attackers to inject arbitrary web scripts or HTML. Root cause is insufficient sanitization o...
CVE-2000-0024
CVE-2000-0024 affects Microsoft IIS. The vulnerability is caused by improper URL canonicalization, enabling remote attackers to bypass access controls in third-party software through escape characters. The provided documents identify the issue and its description, but do not include concrete reme...
CVE-1999-0861
CVE-1999-0861 describes a race condition in the SSL ISAPI filter used by IIS and other servers, which may leak information in plaintext. The connected materials reiterate the high-level description but do not specify affected products/versions, root cause details beyond “race condition,” or concr...
CVE-2002-2081
CVE-2002-2081 affects cphost.dll in Microsoft Site Server 3.0. A remote attacker can trigger a denial of service by sending an HTTP POST with a long TargetURL parameter, causing Site Server to abort and leaving the uploaded file in c:\temp. The available connected documents confirm the component ...
CVE-1999-0910
CVE-1999-0910 affects Microsoft Site Server and Commercial Internet System (MCIS). The issue is that cookies are not given an expiration, allowing proxies to cache them and potentially be reused by a different user. This could lead to cross-user cookie exposure and session confusion. The availabl...