Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft internet information services 4.0 vulnerabilities and exploits
(subscribe to this query)
725
VMScore
CVE-2001-0506
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
796
VMScore
CVE-2000-0884
IIS 4.0 and 5.0 allows remote malicious users to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
9 EDB exploits
2 Github repositories
510
VMScore
CVE-2001-1243
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote malicious users to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injectin...
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
2 EDB exploits
445
VMScore
CVE-2000-0631
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote malicious users to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
755
VMScore
CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
1 EDB exploit
445
VMScore
CVE-2000-0071
IIS 4.0 allows a remote malicious user to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
668
VMScore
CVE-2000-0746
Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then...
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
Microsoft Frontpage
505
VMScore
CVE-2000-0413
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote malicious users to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
Microsoft Frontpage
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
1 Github repository
505
VMScore
CVE-2002-1790
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote malicious users to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.
Microsoft Exchange Server 5.5
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
445
VMScore
CVE-2002-1695
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote malicious users to modify the log file contents while Norton Internet Security is running.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
Symantec Norton Internet Security 2001
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »