CVSS: 7.5EPSS: 28%CPEs: 1EXPL: 0CVE-2000-0709
https://notcve.org/view.php?id=CVE-2000-0709
21 Sep 2000 — The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name. • http://archives.neohapsis.com/archives/bugtraq/2000-08/0288.html •
CVSS: 5.0EPSS: 54%CPEs: 1EXPL: 0CVE-2000-0710
https://notcve.org/view.php?id=CVE-2000-0710
21 Sep 2000 — The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name. • http://archives.neohapsis.com/archives/bugtraq/2000-08/0288.html •
CVSS: 7.5EPSS: 18%CPEs: 3EXPL: 0CVE-2000-0746
https://notcve.org/view.php?id=CVE-2000-0746
21 Sep 2000 — Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. • http://www.securityfocus.com/bid/1594 •
CVSS: 7.5EPSS: 10%CPEs: 10EXPL: 0CVE-2000-0419
https://notcve.org/view.php?id=CVE-2000-0419
11 May 2000 — The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. • http://www.cert.org/advisories/CA-2000-07.html •
CVSS: 5.3EPSS: 59%CPEs: 3EXPL: 1CVE-2000-0413 – FrontPage 2000 / IIS 4.0/5.0 - Server Extensions Full Path Disclosure
https://notcve.org/view.php?id=CVE-2000-0413
06 May 2000 — The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. • https://www.exploit-db.com/exploits/19897 •
CVSS: 8.1EPSS: 30%CPEs: 3EXPL: 2CVE-2000-0256 – FrontPage 97/98 - Server Image Mapper Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-0256
19 Apr 2000 — Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability. • https://www.exploit-db.com/exploits/19853 •
CVSS: 9.8EPSS: 24%CPEs: 2EXPL: 2CVE-2000-0260 – Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Filename Obfuscation
https://notcve.org/view.php?id=CVE-2000-0260
14 Apr 2000 — Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability. • https://www.exploit-db.com/exploits/19845 •
CVSS: 5.3EPSS: 40%CPEs: 2EXPL: 0CVE-2000-0122
https://notcve.org/view.php?id=CVE-2000-0122
03 Feb 2000 — Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program. • http://www.securityfocus.com/archive/1/470458/100/0/threaded •
CVSS: 7.4EPSS: 8%CPEs: 4EXPL: 2CVE-1999-1016 – Microsoft Internet Explorer 5 - HTML Form Control Denial of Service
https://notcve.org/view.php?id=CVE-1999-1016
27 Aug 1999 — Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell. • https://www.exploit-db.com/exploits/19471 •
CVSS: 7.5EPSS: 42%CPEs: 1EXPL: 0CVE-1999-1052
https://notcve.org/view.php?id=CVE-1999-1052
24 Aug 1999 — Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users. • http://marc.info/?l=bugtraq&m=93582550911564&w=2 •