Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iis vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2002-0149
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote malicious users to cause a denial of service and possibly execute arbitrary code via long file names.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
7.5
CVSSv2
CVE-2002-0150
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote malicious users to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
7.5
CVSSv2
CVE-2002-0364
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows malicious users to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
10
CVSSv2
CVE-1999-0874
Buffer overflow in IIS 4.0 allows remote malicious users to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
Microsoft Internet Information Server 4.0
Microsoft Windows Nt 4.0
Microsoft Windows Nt
Microsoft Windows 2000
5 EDB exploits
7.5
CVSSv2
CVE-2009-1535
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote malicious users to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as...
Microsoft Internet Information Services 5.1
Microsoft Internet Information Services 6.0
2 EDB exploits
10
CVSSv2
CVE-2017-7269
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote malicious users to execute arbitrary code via a long header beginning with "If: <http://" in a PROP...
Microsoft Internet Information Server 6.0
2 EDB exploits
21 Github repositories
2 Articles
7.8
CVSSv2
CVE-2005-4360
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote malicious users to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes n...
Microsoft Internet Information Services 5.1
2 EDB exploits
5
CVSSv2
CVE-2000-0778
IIS 5.0 allows remote malicious users to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
Microsoft Internet Information Services 5.0
2 EDB exploits
2.6
CVSSv2
CVE-2000-0649
IIS 4.0 allows remote malicious users to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
1 Metasploit module
7 Github repositories
7.5
CVSSv2
CVE-2001-0333
Directory traversal vulnerability in IIS 5.0 and previous versions allows remote malicious users to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server
9 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »