Page 2 of 17 results (0.002 seconds)

CVSS: 7.5EPSS: 5%CPEs: 13EXPL: 0

Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege. • http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0033.html http://online.securityfocus.com/advisories/3843 http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3BQ248840 http://www.securityfocus.com/bid/3998 https://exchange.xforce.ibmcloud.com/vulnerabilities/8048 •

CVSS: 5.0EPSS: 1%CPEs: 16EXPL: 0

cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp. • http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0033.html http://www.iss.net/security_center/static/8053.php http://www.securityfocus.com/bid/4002 •

CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 0

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun". • http://www.iss.net/security_center/static/9426.php http://www.osvdb.org/5163 http://www.securityfocus.com/bid/5112 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-033 •

CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0

The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution". • http://www.iss.net/security_center/static/9425.php http://www.osvdb.org/5170 http://www.securityfocus.com/bid/5111 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-033 •

CVSS: 5.0EPSS: 38%CPEs: 3EXPL: 0

Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer. • http://www.iss.net/security_center/static/9424.php http://www.osvdb.org/5172 http://www.securityfocus.com/bid/5108 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-033 •