Microsoft Site_server
16 CVEs affecting Microsoft Site_server. Latest disclosed: 2002-12-31. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2002-2081 | | 2002-12-31 | cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetUR… | |
CVE-2002-2073 | | 2002-12-31 | Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary we… | |
CVE-2002-1769 | | 2002-12-31 | Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "L… | |
CVE-2000-0246 | | 2000-03-30 | IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the… | |
CVE-2000-0161 | | 2000-02-18 | Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. | |
CVE-1999-1451 | | 1999-12-31 | The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files. | |
CVE-1999-1246 | | 1999-12-31 | Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure defaul… | |
CVE-2000-0025 | | 1999-12-21 | IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such… | |
CVE-2000-0024 | | 1999-12-21 | IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka… | |
CVE-1999-0910 | | 1999-09-10 | Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used… | |
CVE-1999-0867 | | 1999-08-11 | Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | |
CVE-1999-0861 | | 1999-08-11 | Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. | |
CVE-1999-1011 | | 1999-07-19 | The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote a… | |
CVE-1999-1520 | | 1999-05-11 | A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which expose… | |
CVE-1999-0360 | | 1999-01-30 | MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. | |
CVE-1999-0007 | | 1998-06-26 | Information from SSL-encrypted sessions via PKCS #1. |