cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2012-1856,https://securityvulnerability.io/vulnerability/CVE-2012-1856,,"The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka ""MSCOMCTL.OCX RCE Vulnerability.""",Microsoft,"Visual Foxpro,Sql Server,Commerce Server,Office,Visual Basic,Host Integration Server,Office Web Components",8.8,HIGH,0.8687999844551086,true,false,false,true,,false,false,2012-08-15T01:00:00.000Z,0
CVE-2007-1201,https://securityvulnerability.io/vulnerability/CVE-2007-1201,,"Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka ""Office Web Components DataSource Vulnerability.""",Microsoft,"Visual Studio .net,Biztalk Server,Office,Internet Security And Acceleration Server,Commerce Server",,,0.9326900243759155,false,false,false,false,,false,false,2008-03-11T23:00:00.000Z,0
CVE-2006-1257,https://securityvulnerability.io/vulnerability/CVE-2006-1257,,"The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.",Microsoft,Commerce Server,,,0.01810000091791153,false,false,false,false,,false,false,2006-03-19T01:00:00.000Z,0
CVE-2002-2081,https://securityvulnerability.io/vulnerability/CVE-2002-2081,,"cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.",Microsoft,"Site Server,Site Server Commerce",,,0.018789999186992645,false,false,false,false,,false,false,2002-12-31T05:00:00.000Z,0
CVE-2002-2073,https://securityvulnerability.io/vulnerability/CVE-2002-2073,,Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.,Microsoft,"Site Server,Site Server Commerce",,,0.05065999925136566,false,false,false,false,,false,false,2002-12-31T05:00:00.000Z,0
CVE-2002-1769,https://securityvulnerability.io/vulnerability/CVE-2002-1769,,"Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the ""Log on locally"" privilege.",Microsoft,"Site Server,Site Server Commerce",,,0.039009999483823776,false,false,false,false,,false,false,2002-12-31T05:00:00.000Z,0
CVE-2002-0621,https://securityvulnerability.io/vulnerability/CVE-2002-0621,,Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.,Microsoft,Commerce Server,,,0.380840003490448,false,false,false,false,,false,false,2002-07-03T04:00:00.000Z,0
CVE-2002-0623,https://securityvulnerability.io/vulnerability/CVE-2002-0623,,"Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka ""New Variant of the ISAPI Filter Buffer Overrun"".",Microsoft,Commerce Server,,,0.06498000025749207,false,false,false,false,,false,false,2002-07-03T04:00:00.000Z,0
CVE-2002-0620,https://securityvulnerability.io/vulnerability/CVE-2002-0620,,Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.,Microsoft,Commerce Server,,,0.1387999951839447,false,false,false,false,,false,false,2002-07-03T04:00:00.000Z,0
CVE-2002-0622,https://securityvulnerability.io/vulnerability/CVE-2002-0622,,"The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka ""OWC Package Command Execution"".",Microsoft,Commerce Server,,,0.030629999935626984,false,false,false,false,,false,false,2002-07-03T04:00:00.000Z,0
CVE-2002-0050,https://securityvulnerability.io/vulnerability/CVE-2002-0050,,Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.,Microsoft,Commerce Server,,,0.029740000143647194,false,false,false,false,,false,false,2002-03-08T05:00:00.000Z,0
CVE-2000-0246,https://securityvulnerability.io/vulnerability/CVE-2000-0246,,"IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the ""Virtualized UNC Share"" vulnerability.",Microsoft,"Site Server,Internet Information Services,Proxy Server,Commercial Internet System,Internet Information Server,Site Server Commerce",,,0.9586399793624878,false,false,false,false,,false,false,2000-03-30T05:00:00.000Z,0
CVE-2000-0025,https://securityvulnerability.io/vulnerability/CVE-2000-0025,,"IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the ""Virtual Directory Naming"" vulnerability.",Microsoft,"Site Server,Internet Information Server,Site Server Commerce",,,0.015250000171363354,false,false,false,false,,false,false,1999-12-21T05:00:00.000Z,0
CVE-2000-0024,https://securityvulnerability.io/vulnerability/CVE-2000-0024,,"IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the ""Escape Character Parsing"" vulnerability.",Microsoft,"Site Server,Internet Information Server,Site Server Commerce",,,0.008870000019669533,false,false,false,false,,false,false,1999-12-21T05:00:00.000Z,0
CVE-1999-0910,https://securityvulnerability.io/vulnerability/CVE-1999-0910,,"Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.",Microsoft,"Site Server,Commercial Internet System,Site Server Commerce",,,0.0023499999660998583,false,false,false,false,,false,false,1999-09-10T04:00:00.000Z,0
CVE-1999-0861,https://securityvulnerability.io/vulnerability/CVE-1999-0861,,Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.,Microsoft,"Site Server,Commercial Internet System,Internet Information Server,Site Server Commerce",,,0.0014400000218302011,false,false,false,false,,false,false,1999-08-11T04:00:00.000Z,0