NotCVE - vendor:"Microsoft" product:"Site Server" version:"3.0"

Page 2 of 15 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-1999-1246

https://notcve.org/view.php?id=CVE-1999-1246

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges. • http://support.microsoft.com/support/kb/articles/Q229/9/72.asp https://exchange.xforce.ibmcloud.com/vulnerabilities/2068 •

CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 0

CVE-1999-1451

https://notcve.org/view.php?id=CVE-1999-1451

The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files. • http://support.microsoft.com/support/kb/articles/q231/3/68.asp https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/3271 •

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2000-0024

https://notcve.org/view.php?id=CVE-2000-0024

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246401 http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061 •

CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0

CVE-2000-0025

https://notcve.org/view.php?id=CVE-2000-0025

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ238606 http://www.osvdb.org/8098 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-058 •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

CVE-1999-0910

https://notcve.org/view.php?id=CVE-1999-0910

Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. • http://www.securityfocus.com/bid/625 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-035 •

1 2 3