CVE-2000-0098
https://notcve.org/view.php?id=CVE-2000-0098
Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006 •
CVE-2000-0097 – Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - Directory Traversal
https://notcve.org/view.php?id=CVE-2000-0097
The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability. • https://www.exploit-db.com/exploits/19731 http://www.osvdb.org/1210 http://www.securityfocus.com/bid/950 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006 •
CVE-1999-1011 – Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS
https://notcve.org/view.php?id=CVE-1999-1011
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. • https://www.exploit-db.com/exploits/19425 https://www.exploit-db.com/exploits/19424 http://www.ciac.org/ciac/bulletins/j-054.shtml http://www.osvdb.org/272 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025 https://www.securityfocus.com/bid/529 - • CWE-264: Permissions, Privileges, and Access Controls •
CVE-1999-1397
https://notcve.org/view.php?id=CVE-1999-1397
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed. • http://marc.info/?l=bugtraq&m=92242671024118&w=2 http://marc.info/?l=ntbugtraq&m=92223293409756&w=2 http://www.iss.net/security_center/static/7559.php http://www.securityfocus.com/bid/476 •