Page 5 of 33 results (0.002 seconds)

CVSS: 5.0EPSS: 96%CPEs: 1EXPL: 0

The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name. • http://archives.neohapsis.com/archives/bugtraq/2000-08/0288.html http://msdn.microsoft.com/workshop/languages/fp/2000/sr12.asp http://www.securityfocus.com/bid/1608 •

CVSS: 5.0EPSS: 96%CPEs: 1EXPL: 0

The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name. • http://archives.neohapsis.com/archives/bugtraq/2000-08/0288.html http://msdn.microsoft.com/workshop/languages/fp/2000/sr12.asp http://www.securityfocus.com/bid/1608 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. • http://www.securityfocus.com/bid/1594 http://www.securityfocus.com/bid/1595 http://www.securityfocus.com/templates/archive.pike?list=1&msg=39A12BD6.E811BF4F%40nat.bg https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060 •

CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 0

The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. • http://www.cert.org/advisories/CA-2000-07.html http://www.microsoft.com/technet/support/kb.asp?ID=262767 http://www.securityfocus.com/bid/1197 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-034 •

CVSS: 5.0EPSS: 90%CPEs: 3EXPL: 1

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. • https://www.exploit-db.com/exploits/19897 http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html http://www.securityfocus.com/bid/1174 •