Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iis vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-0075
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote malicious users to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
NA
CVE-2002-0150
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote malicious users to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
NA
CVE-2002-0364
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows malicious users to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
NA
CVE-1999-0874
Buffer overflow in IIS 4.0 allows remote malicious users to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
Microsoft Internet Information Server 4.0
Microsoft Windows Nt 4.0
Microsoft Windows Nt
Microsoft Windows 2000
5 EDB exploits
NA
CVE-2009-1535
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote malicious users to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as...
Microsoft Internet Information Services 5.1
Microsoft Internet Information Services 6.0
2 EDB exploits
9.8
CVSSv3
CVE-2017-7269
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote malicious users to execute arbitrary code via a long header beginning with "If: <http://" in a PROP...
Microsoft Internet Information Server 6.0
2 EDB exploits
22 Github repositories
2 Articles
NA
CVE-2000-0778
IIS 5.0 allows remote malicious users to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
Microsoft Internet Information Services 5.0
2 EDB exploits
NA
CVE-2005-4360
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote malicious users to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes n...
Microsoft Internet Information Services 5.1
2 EDB exploits
NA
CVE-2000-0649
IIS 4.0 allows remote malicious users to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
1 Metasploit module
7 Github repositories
NA
CVE-2001-0333
Directory traversal vulnerability in IIS 5.0 and previous versions allows remote malicious users to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server
9 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »