Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft internet information server 3.0 vulnerabilities and exploits
(subscribe to this query)
392
VMScore
CVE-2006-6579
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read acc...
Microsoft Internet Information Server
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 1.0
Microsoft Internet Information Services 2.0
445
VMScore
CVE-2000-0071
IIS 4.0 allows a remote malicious user to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
755
VMScore
CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 2.0
1 EDB exploit
445
VMScore
CVE-2000-0631
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote malicious users to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
445
VMScore
CVE-1999-1544
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote malicious users to cause a denial of service via a long NLST (ls) command.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
445
VMScore
CVE-2000-0114
Frontpage Server Extensions allows remote malicious users to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
1 Github repository
505
VMScore
CVE-2000-0126
Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote malicious users to read files via a .. (dot dot) attack.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
1 EDB exploit
668
VMScore
CVE-1999-0349
A buffer overflow in the FTP list (ls) command in IIS allows remote malicious users to conduct a denial of service and, in some cases, execute arbitrary commands.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
715
VMScore
CVE-1999-0725
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote malicious user to view the source code of certain files, a.k.a. "Double Byte Code Page".
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
1 EDB exploit
505
VMScore
CVE-1999-1375
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote malicious users to read arbitrary files by specifying the name in the file parameter.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »