Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft internet information server 3.0 vulnerabilities and exploits
(subscribe to this query)
4.4
CVSSv2
CVE-2006-6579
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read acc...
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server
Microsoft Internet Information Services 1.0
Microsoft Internet Information Services 2.0
5
CVSSv2
CVE-2000-0071
IIS 4.0 allows a remote malicious user to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
7.5
CVSSv2
CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
1 EDB exploit
5
CVSSv2
CVE-2000-0631
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote malicious users to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
5
CVSSv2
CVE-2000-0126
Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote malicious users to read files via a .. (dot dot) attack.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
1 EDB exploit
7.1
CVSSv2
CVE-1999-0725
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote malicious user to view the source code of certain files, a.k.a. "Double Byte Code Page".
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
1 EDB exploit
7.5
CVSSv2
CVE-1999-0349
A buffer overflow in the FTP list (ls) command in IIS allows remote malicious users to conduct a denial of service and, in some cases, execute arbitrary commands.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
5
CVSSv2
CVE-1999-1537
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote malicious users to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform...
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server 3.0
5
CVSSv2
CVE-1999-1544
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote malicious users to cause a denial of service via a long NLST (ls) command.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server 3.0
5
CVSSv2
CVE-2000-0114
Frontpage Server Extensions allows remote malicious users to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »