Page 3 of 17 results (0.004 seconds)

CVSS: 5.0EPSS: 13%CPEs: 3EXPL: 0

Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API. • http://www.securityfocus.com/bid/4853 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-033 •

CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data. Desbordamiento de buffer en el filtro ISAPI AuthFilter en Microsoft Commerce Server 2000 permite a atacantes remotos ejecutar código arbitrario mediante datos de autentificación largos. • http://www.securityfocus.com/bid/4157 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-010 •

CVSS: 5.0EPSS: 95%CPEs: 7EXPL: 1

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. • https://www.exploit-db.com/exploits/19824 http://www.microsoft.com/technet/support/kb.asp?ID=249599 http://www.securityfocus.com/bid/1081 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019 •

CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ238606 http://www.osvdb.org/8098 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-058 •

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246401 http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061 •