Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft internet information services 2.0 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-1999-0253
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Services 1.0
Microsoft Internet Information Services 2.0
755
VMScore
CVE-1999-0450
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 2.0
1 EDB exploit
307
VMScore
CVE-2000-0649
IIS 4.0 allows remote malicious users to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 2.0
1 EDB exploit
1 Metasploit module
7 Github repositories
392
VMScore
CVE-2006-6579
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read acc...
Microsoft Internet Information Server
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 1.0
Microsoft Internet Information Services 2.0
505
VMScore
CVE-1999-0154
IIS 2.0 and 3.0 allows remote malicious users to read the source code for ASP pages by appending a . (dot) to the end of the URL.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Services 2.0
1 EDB exploit
505
VMScore
CVE-1999-0281
Denial of service in IIS using long URLs.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Services 2.0
1 EDB exploit
755
VMScore
CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 2.0
1 EDB exploit
505
VMScore
CVE-2000-0246
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote malicious users to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
Microsoft Site Server 3.0
Microsoft Internet Information Services 5.0
Microsoft Proxy Server 2.0
Microsoft Commercial Internet System 2.0
Microsoft Internet Information Server 4.0
Microsoft Commercial Internet System 2.5
Microsoft Site Server Commerce 3.0
1 EDB exploit
1000
VMScore
CVE-2001-0500
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and previous versions allows remote malicious users to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) f...
Microsoft Internet Information Server
Microsoft Indexing Service
Microsoft Index Server 2.0
5 EDB exploits
1 Github repository
534
VMScore
CVE-2003-0904
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. whe...
Microsoft Sharepoint Services 2.0
Microsoft Exchange Server 2003
Microsoft Windows Server 2003 -
Microsoft Windows Server 2003
Microsoft Windows Server 2003 R2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »