threat
engine
.sh
Back
·
··:··
Home
/
Product
/
microsoft site server
Product
microsoft site server
18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2019-11401
all versions
A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can
7.2
HIGH
CVE-2002-2288
all versions
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a
CVE-2002-2081
all versions
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST o
CVE-2002-2073
all versions
Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote att
CVE-2002-1769
all versions
Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which a
CVE-2000-0246
all versions
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows
CVE-2000-0161
all versions
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attac
CVE-1999-1451
all versions
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.
CVE-1999-1246
all versions
Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network sha
CVE-2000-0025
all versions
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose n
CVE-2000-0024
all versions
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party softwa
CVE-1999-0910
all versions
Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a
CVE-1999-0867
all versions
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
CVE-1999-0861
all versions
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
CVE-1999-1011
all versions
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe m
CVE-1999-1520
all versions
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain th
CVE-1999-0360
all versions
MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to exec
CVE-1999-0007
all versions
Information from SSL-encrypted sessions via PKCS #1.
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin