Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft internet information services vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2010-1899
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote malicious users to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter...
Microsoft Internet Information Server 6.0
Microsoft Internet Information Services 7.5
1 EDB exploit
1 Github repository
445
VMScore
CVE-2002-1694
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote malicious users to modify the log file contents while IIS is running.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
445
VMScore
CVE-2001-0004
IIS 5.0 and 4.0 allows remote malicious users to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via ....
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
725
VMScore
CVE-2001-0506
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
605
VMScore
CVE-2003-0223
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote malicious users to embed a URL containing script in a redirection message.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
445
VMScore
CVE-2003-0225
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote malicious users to generate a large header to cause a denial of service (memory consumption) with an ASP pag...
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
445
VMScore
CVE-2000-0304
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote malicious user to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
505
VMScore
CVE-2000-0413
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote malicious users to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
Microsoft Frontpage
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
1 Github repository
668
VMScore
CVE-2000-0746
Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then...
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
Microsoft Frontpage
534
VMScore
CVE-2009-4445
Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote malicious users to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a saf...
Microsoft Internet Information Services
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »