Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft internet information server vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2001-0096
FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote malicious users to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
668
VMScore
CVE-2000-0970
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote malicious users to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerab...
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
445
VMScore
CVE-2002-1694
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote malicious users to modify the log file contents while IIS is running.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
505
VMScore
CVE-1999-0154
IIS 2.0 and 3.0 allows remote malicious users to read the source code for ASP pages by appending a . (dot) to the end of the URL.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Services 2.0
1 EDB exploit
505
VMScore
CVE-1999-0281
Denial of service in IIS using long URLs.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Services 2.0
1 EDB exploit
641
VMScore
CVE-2008-0074
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 up to and including 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
Microsoft Internet Information Server 6.0
Microsoft Internet Information Services 5.0
755
VMScore
CVE-2000-0886
IIS 5.0 allows remote malicious users to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
1 EDB exploit
668
VMScore
CVE-2000-0746
Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then...
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
Microsoft Frontpage
505
VMScore
CVE-2000-0413
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote malicious users to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
Microsoft Frontpage
1 EDB exploit
1 Github repository
505
VMScore
CVE-2000-0246
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote malicious users to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
Microsoft Site Server 3.0
Microsoft Internet Information Services 5.0
Microsoft Proxy Server 2.0
Microsoft Commercial Internet System 2.0
Microsoft Internet Information Server 4.0
Microsoft Commercial Internet System 2.5
Microsoft Site Server Commerce 3.0
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »