CVSS: 9.8EPSS: 16%CPEs: 3EXPL: 0CVE-2002-0620
https://notcve.org/view.php?id=CVE-2002-0620
01 Jul 2002 — Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API. • http://www.securityfocus.com/bid/4853 •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 0CVE-2002-0050
https://notcve.org/view.php?id=CVE-2002-0050
08 Mar 2002 — Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data. Desbordamiento de buffer en el filtro ISAPI AuthFilter en Microsoft Commerce Server 2000 permite a atacantes remotos ejecutar código arbitrario mediante datos de autentificación largos. • http://www.securityfocus.com/bid/4157 •
CVSS: 7.5EPSS: 83%CPEs: 7EXPL: 1CVE-2000-0246 – Microsoft IIS 4.0 - UNC Mapped Virtual Host
https://notcve.org/view.php?id=CVE-2000-0246
30 Mar 2000 — IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. • https://www.exploit-db.com/exploits/19824 •
CVSS: 9.1EPSS: 12%CPEs: 3EXPL: 0CVE-2000-0024
https://notcve.org/view.php?id=CVE-2000-0024
21 Dec 1999 — IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246401 •
CVSS: 7.5EPSS: 46%CPEs: 3EXPL: 0CVE-2000-0025
https://notcve.org/view.php?id=CVE-2000-0025
21 Dec 1999 — IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ238606 •
CVSS: 9.1EPSS: 19%CPEs: 4EXPL: 0CVE-1999-0910
https://notcve.org/view.php?id=CVE-1999-0910
10 Sep 1999 — Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. • http://www.securityfocus.com/bid/625 •
CVSS: 5.9EPSS: 5%CPEs: 5EXPL: 0CVE-1999-0861
https://notcve.org/view.php?id=CVE-1999-0861
11 Aug 1999 — Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ244613 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •