Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Frontpage
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 1999-03-26 | CVE-2000-0153 | FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack. | Frontpage, Personal_web_server | N/A | ||
| 2000-10-20 | CVE-2000-0746 | Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. | Frontpage, Internet_information_server, Internet_information_services | N/A | ||
| 1998-02-06 | CVE-1999-0012 | Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | Frontpage, Internet_information_server, Personal_web_server, Enterprise_server, Fasttrack_server | N/A | ||
| 1999-08-27 | CVE-1999-1016 | Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell. | Frontpage, Internet_explorer, Outlook_express, Eudora | N/A | ||
| 2013-09-11 | CVE-2013-3137 | Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka "XML Disclosure Vulnerability." | Frontpage | N/A | ||
| 2008-07-07 | CVE-2008-3068 | Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. | Access, Excel, Frontpage, Groove, Infopath, Office, Office_communicator, Onenote, Outlook, Powerpoint, Project_professional, Project_standard, Publisher, Sharepoint_designer, Visio_professional, Visio_standard, Windows_live_mail | N/A | ||
| 2007-06-07 | CVE-2007-3109 | The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO. | Frontpage, Office | N/A | ||
| 2007-02-03 | CVE-2007-0671 | Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | Access, Excel, Excel_viewer, Frontpage, Infopath, Office, Onenote, Outlook, Powerpoint, Project, Publisher, Visio, Word, Word_viewer | N/A | ||
| 2006-10-10 | CVE-2006-3877 | Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. | Access, Excel, Excel_viewer, Frontpage, Infopath, Office, Onenote, Outlook, Powerpoint, Project, Publisher, Visio, Word, Word_viewer | N/A | ||
| 2005-07-05 | CVE-2005-2143 | Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page. | Frontpage | N/A |