Vulmon
iis vulnerabilities and exploits
7.5
CVSSv2
CVE-2009-0693
Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote malicious users to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe.
Dell Wyse Device Manager 4.7.2
Dell Wyse Device Manager 4.7.0
Dell Wyse Device Manager 4.7.1
1 EDB exploit
7.5
CVSSv2
CVE-2009-0695
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote malicious users to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.
Dell Wyse Device Manager 4.7.1
Dell Wyse Device Manager 4.7.2
Dell Wyse Device Manager 4.7.0
2 EDB exploits
7.5
CVSSv2
CVE-2010-0112
Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager prior to 8.4.16 allow remote malicious users to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition fu...
Symantec Im Manager 8.4.7
Symantec Im Manager 8.4.8
Symantec Im Manager 6.0
Symantec Im Manager 6.5
Symantec Im Manager 8.3
Symantec Im Manager 8.4.9
Symantec Im Manager 8.4.10
Symantec Im Manager 7.0
Symantec Im Manager 7.5
Symantec Im Manager 8.4.0
Symantec Im Manager 8.4.1
Symantec Im Manager 8.4.2
Symantec Im Manager 8.4.11
Symantec Im Manager 8.4.12
Symantec Im Manager 8.4.5
Symantec Im Manager 8.4.6
Symantec Im Manager 8.4.13
Symantec Im Manager
7.5
CVSSv2
CVE-2009-1122
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote malicious users to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authe...
Microsoft Internet Information Services 5.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-1535
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote malicious users to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as...
Microsoft Internet Information Services 5.1
Microsoft Internet Information Services 6.0
2 EDB exploits
7.5
CVSSv2
CVE-2008-2579
Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
Oracle Weblogic Server 6.1
Oracle Weblogic Server 7.0
Oracle Weblogic Server 8.1
Oracle Weblogic Server 9.0
Oracle Weblogic Server 9.1
Oracle Weblogic Server 9.2
Oracle Weblogic Server 10.0
7.5
CVSSv2
CVE-2007-6498
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and previous versions allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts...
Hosting Controller Hosting Controller 6.1 Hotfix 3.3
1 EDB exploit
7.5
CVSSv2
CVE-2007-2897
Microsoft Internet Information Services (IIS) 6.0 allows remote malicious users to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute ar...
Microsoft Internet Information Server 6.0
7.5
CVSSv2
CVE-2006-6578
Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows malicious users to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com w...
Microsoft Internet Information Services 5.1
7.5
CVSSv2
CVE-2005-1471
Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote malicious users to execute arbitrary code via crafted chunked-encoding data.
Rsa Securid Web Agent 5
Rsa Securid Web Agent 5.2
Rsa Securid Web Agent 5.3