RSS   Vulnerabilities for 'Site server commerce'   RSS

2002-12-31
 
CVE-2002-2081

 

 
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.

 
 
CVE-2002-2073

 

 
Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.

 
 
CVE-2002-1769

 

 
Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege.

 
2000-03-30
 
CVE-2000-0246

CWE-Other
 

 
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

 
1999-12-21
 
CVE-2000-0025

CWE-Other
 

 
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.

 
 
CVE-2000-0024

CWE-Other
 

 
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

 
1999-09-10
 
CVE-1999-0910

CWE-Other
 

 
Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.

 
1999-08-11
 
CVE-1999-0861

CWE-362
 

 
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.

 

 >>> Vendor: Microsoft 509 Products
Exchange server
Internet information server
Site server
Frontpage
Personal web server
Windows 95
Windows nt
Winsock
IE
Windows 2000
WINS
Netmeeting
WORD
Windows 98
Access
Backoffice
Backoffice resource kit
Office
Outlook
Project
Visual basic
Terminal server
All windows
Excel
Hotmail
Java virtual machine
Commercial internet system
Site server commerce
Windows 98se
Outlook express
Windows explorer
Sql server
Data access components
Index server
Sna server
Zero administration kit
Powerpoint
Msn setup bulletin board services
Visual interdev
Webtv
Office converter pack
Systems management server
Virtual machine
Visual studio
Clip art
Greetings
Home publishing
Data engine
Windows media services
Windows messaging
Windows media rights manager
Proxy server
JET
Active movie control
Photodraw 2000
Works
Money
Network monitor
Windows media player
Indexing service
Windows me
MSDE
Windows xp
Windows script host
PLUS
Windows ce
Isa server
Frontpage server extensions
Services
Windows 2000 terminal services
Interix
Commerce server
Xml core services
Entourage
Msn chat control
Msn messenger
Msn messenger service for exchange
.net framework
Windows 98 plus pack
Microsoft data access components
Visual foxpro
Metadirectory services
Content management server
Tsac activex control
Office web components
Windows help
Ie for macintosh
.net windows server
Directx files viewer control
File transfer manager
Baseline security analyzer
Foundation class library
Windows 2003 server
Network firmware
Windows-nt
Biztalk server
Directx
Visio
Wordperfect converter
Asp.net
See all Products for Vendor Microsoft


Copyright 2019, cxsecurity.com

 

Back to Top