Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iis vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2019-12925
MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users' credentials includi...
Mailenable Mailenable
7.5
CVSSv3
CVE-2019-0941
A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests, aka 'Microsoft IIS Server Denial of Service Vulnerability'.
Microsoft Windows 10 1803
Microsoft Windows 7 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2016 1803
Microsoft Windows 10 1607
Microsoft Windows 10 -
Microsoft Windows 10 1703
Microsoft Windows 10 1809
Microsoft Windows 10 1903
Microsoft Windows Server 2016 1903
Microsoft Windows 8.1 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 10 1709
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2012 -
Microsoft Windows Server 2016 -
2 Articles
8.8
CVSSv3
CVE-2018-20221
Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application.
Deltek Ajera
1 EDB exploit
3.7
CVSSv3
CVE-2018-17891
Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could ...
Carestream Carestream Vue Ris
5.4
CVSSv3
CVE-2018-16958
An issue exists in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, th...
Oracle Webcenter Interaction 10.3.3
6.5
CVSSv3
CVE-2018-16956
The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Pages can be renamed to include characters unsupported for URIs by the web server hosting the WCI Portal software (such as IIS). Rena...
Oracle Webcenter Interaction 10.3.3
6.5
CVSSv3
CVE-2018-14773
An issue exists in Http Foundation in Symfony 2.7.0 up to and including 2.7.48, 2.8.0 up to and including 2.8.43, 3.3.0 up to and including 3.3.17, 3.4.0 up to and including 3.4.13, 4.0.0 up to and including 4.0.13, and 4.1.0 up to and including 4.1.2. It arises from support for ...
Sensiolabs Symfony
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Drupal Drupal
1 Github repository
7.5
CVSSv3
CVE-2018-1232
RSA Authentication Agent version 8.0.1 and previous versions for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerabili...
Rsa Authentication Agent For Web
5.5
CVSSv3
CVE-2018-1234
RSA Authentication Agent version 8.0.1 and previous versions for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can ...
Rsa Authentication Agent For Web
6.1
CVSSv3
CVE-2018-1233
RSA Authentication Agent version 8.0.1 and previous versions for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's...
Rsa Authentication Agent For Web
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »