Page 2 of 16 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges. • http://support.microsoft.com/support/kb/articles/Q229/9/72.asp https://exchange.xforce.ibmcloud.com/vulnerabilities/2068 •

CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 0

The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files. • http://support.microsoft.com/support/kb/articles/q231/3/68.asp https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/3271 •

CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ238606 http://www.osvdb.org/8098 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-058 •

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246401 http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061 •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. • http://www.securityfocus.com/bid/625 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-035 •