Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft site server 3.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-0075
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote malicious users to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
NA
CVE-2002-0148
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote malicious users to execute arbitrary script as other users via an HTTP error page.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
1 EDB exploit
NA
CVE-2002-0057
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote malicious users to read arbitrary files by specifying a local file as an XML Data Source.
Microsoft Sql Server 2000
Microsoft Xml Core Services 2.6
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 4.0
Microsoft Internet Explorer 6.0
Microsoft Windows Xp
NA
CVE-2000-1105
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
Microsoft Indexing Service
1 EDB exploit
NA
CVE-2000-0246
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote malicious users to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
Microsoft Site Server 3.0
Microsoft Internet Information Services 5.0
Microsoft Proxy Server 2.0
Microsoft Commercial Internet System 2.0
Microsoft Internet Information Server 4.0
Microsoft Commercial Internet System 2.5
Microsoft Site Server Commerce 3.0
1 EDB exploit
NA
CVE-2000-0161
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote malicious users to execute SQL commands.
Microsoft Site Server 3.0
NA
CVE-1999-1451
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote malicious users to read arbitrary files.
Microsoft Site Server 3.0
Microsoft Internet Information Server 4.0
NA
CVE-1999-1246
Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote malicious users to read the passwords and gain privileges.
Microsoft Site Server 3.0
NA
CVE-2000-0024
IIS does not properly canonicalize URLs, potentially allowing remote malicious users to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
Microsoft Site Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Site Server Commerce 3.0
NA
CVE-2000-0025
IIS 4.0 and Site Server 3.0 allow remote malicious users to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
Microsoft Site Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Site Server Commerce 3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »