Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iis vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0912
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions
NA
CVE-2024-4358
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
3 Github repositories
1 Article
NA
CVE-2024-4837
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.
5.3
CVSSv3
CVE-2023-6352
The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be...
Aquaforest Tiff Server 4.2.210913
9.8
CVSSv3
CVE-2023-36434
Windows IIS Server Elevation of Privilege Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2012 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2022 -
Microsoft Windows 10 21h2
Microsoft Windows 10 1809
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 10 1507
Microsoft Windows 10 22h2
Microsoft Windows 10 1607
1 Github repository
1 Article
6.1
CVSSv3
CVE-2023-24814
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows malicious users to in...
Typo3 Typo3
8.8
CVSSv3
CVE-2022-42136
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an malicious user to store arbitrary code on that files and execute RCE commands.
Mailenable Mailenable
6.1
CVSSv3
CVE-2022-36664
Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter.
Adiscon Password Manager For Iis 2.0
7.4
CVSSv3
CVE-2022-30209
Windows IIS Server Elevation of Privilege Vulnerability
Microsoft Windows 10 -
Microsoft Windows 10 1607
Microsoft Windows Server 2008 R2
Microsoft Windows 7 -
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2012 -
Microsoft Windows Server 2008 -
Microsoft Windows 8.1 -
Microsoft Windows Server 2019 -
Microsoft Windows 10 1809
Microsoft Windows Server 2016 20h2
Microsoft Windows 10 20h2
Microsoft Windows 10 21h1
Microsoft Windows Server 2022 -
Microsoft Windows 11 -
Microsoft Windows 10 21h2
7.5
CVSSv3
CVE-2021-27474
Rockwell Automation FactoryTalk AssetCentre v10.00 and previous versions does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated malicious user to modify sensitive data in FactoryTalk AssetCentre.
Rockwellautomation Factorytalk Assetcentre
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »