Microsoft Site_server_commerce
8 CVEs affecting Microsoft Site_server_commerce. Latest disclosed: 2002-12-31. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2002-2081 | | 2002-12-31 | cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetUR… | |
CVE-2002-2073 | | 2002-12-31 | Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary we… | |
CVE-2002-1769 | | 2002-12-31 | Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "L… | |
CVE-2000-0246 | | 2000-03-30 | IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the… | |
CVE-2000-0025 | | 1999-12-21 | IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such… | |
CVE-2000-0024 | | 1999-12-21 | IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka… | |
CVE-1999-0910 | | 1999-09-10 | Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used… | |
CVE-1999-0861 | | 1999-08-11 | Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. |