Site Server Security Vulnerabilities and Issues — Site Server CVE List

Lucene search

MicrosoftSite Server

4 matches found

CVE•added 2005/06/21 4:0 a.m.•80 views

CVE-2002-1769

Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege.

7.5CVSS6.7AI score0.18966EPSS

CVE•added 2000/02/04 5:0 a.m.•36 views

CVE-1999-0360

MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.

7.2CVSS7.1AI score0.07766EPSS

CVE•added 2000/03/22 5:0 a.m.•34 views

CVE-2000-0161

Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.

7.5CVSS7.9AI score0.08393EPSS

CVE•added 2002/03/09 5:0 a.m.•32 views

CVE-1999-1246

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.

7.5CVSS7AI score0.0094EPSS