microsoft internet information services 4.0 vulnerabilities and exploits

(subscribe to this query)

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

Microsoft Internet Information Server 3.0 Microsoft Internet Information Services 5.0 Microsoft Internet Information Services 2.0 Microsoft Internet Information Server 4.0

1 EDB exploit

IIS 4.0 allows remote malicious users to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.

Microsoft Internet Information Services 2.0 Microsoft Internet Information Server 3.0 Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0

1 EDB exploit1 Metasploit module7 Github repositories

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read acc...

Microsoft Internet Information Server 3.0 Microsoft Internet Information Server 4.0 Microsoft Internet Information Server Microsoft Internet Information Services 1.0 Microsoft Internet Information Services 2.0

IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote malicious users to bypass access restrictions to some files, aka the "File Permission Canonicalization" vuln...

Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0

IIS 5.0 allows remote malicious users to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.

Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0

1 EDB exploit

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote malicious users to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerab...

Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0

Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. T...

Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0

Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote malicious users to modify the log file contents while IIS is running.

Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0

Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 up to and including 5.1 allows remote malicious users to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out o...

Microsoft Internet Information Services 5.0 Microsoft Internet Information Server 4.0

ISM.DLL in IIS 4.0 and 5.0 allows remote malicious users to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR&...

Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0

1 EDB exploit

1 2 3 4 5 6 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook