Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iis vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2009-3023
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 up to and including 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP ...
Microsoft Internet Information Server
3 EDB exploits
9
CVSSv2
CVE-2008-1446
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 up to and including 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitra...
Microsoft Internet Information Services
9
CVSSv2
CVE-2008-1436
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent malicious users to gain privileges by using one service process to capture a res...
Microsoft Windows Server 2003
Microsoft Windows Vista -
Microsoft Windows-nt Vista
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Xp
1 EDB exploit
8.5
CVSSv2
CVE-2010-1256
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "II...
Microsoft Internet Information Server 6.0
8.5
CVSSv2
CVE-2009-1016
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obt...
Oracle Bea Product Suite 10.3
Oracle Bea Product Suite 9.2
Oracle Bea Product Suite 10.0
Oracle Bea Product Suite 8.1
Oracle Bea Product Suite 7.0
Oracle Bea Product Suite 9.1
Oracle Bea Product Suite 9.0
7.8
CVSSv2
CVE-2013-0005
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote malicious users to cause a denial of service (resource consumption an...
Microsoft .net Framework 3.5
Microsoft .net Framework 3.5.1
Microsoft .net Framework 4.0
Microsoft Management Odata Iis Extension -
7.8
CVSSv2
CVE-2007-0087
Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote malicious users to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE:...
Microsoft Internet Information Server
7.8
CVSSv2
CVE-2005-4360
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote malicious users to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes n...
Microsoft Internet Information Services 5.1
2 EDB exploits
7.8
CVSSv2
CVE-1999-0449
The ExAir sample site in IIS 4 allows remote malicious users to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.
Microsoft Internet Information Server 4.0
7.5
CVSSv2
CVE-2013-5554
Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile prior to 3.5.5 allows remote malicious users to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773.
Cisco Wide Area Application Services Mobile
Cisco Wide Area Application Services Mobile 3.5.3
Cisco Wide Area Application Services Mobile 3.5.2
Cisco Wide Area Application Services Mobile 3.5.1
Cisco Wide Area Application Services Mobile 3.5.0
Cisco Wide Area Application Services Mobile 3.4.1
Cisco Wide Area Application Services Mobile 3.3.4
Cisco Wide Area Application Services Mobile 3.3.1
Cisco Wide Area Application Services Mobile 3.4.2
Cisco Wide Area Application Services Mobile 3.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »