Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iis vulnerabilities and exploits
(subscribe to this query)
505
VMScore
CVE-2003-1566
Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote malicious users to obtain sensitive information without detection.
Microsoft Internet Information Services 5.0
1 EDB exploit
505
VMScore
CVE-1999-0281
Denial of service in IIS using long URLs.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Services 2.0
1 EDB exploit
505
VMScore
CVE-1999-0154
IIS 2.0 and 3.0 allows remote malicious users to read the source code for ASP pages by appending a . (dot) to the end of the URL.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Services 2.0
1 EDB exploit
505
VMScore
CVE-2003-0718
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote malicious users to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of...
Microsoft Internet Information Server 6.0
Microsoft Internet Information Services 5.0
1 EDB exploit
215
VMScore
CVE-1999-1538
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
Microsoft Internet Information Server 4.0
1 EDB exploit
760
VMScore
CVE-2000-0260
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
Microsoft Visual Interdev 1.0
Microsoft Frontpage
2 EDB exploits
505
VMScore
CVE-2000-0408
IIS 4.05 and 5.0 allow remote malicious users to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
505
VMScore
CVE-2000-0413
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote malicious users to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
Microsoft Frontpage
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
1 Github repository
725
VMScore
CVE-1999-0360
MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.
Microsoft Site Server 2.0
1 EDB exploit
755
VMScore
CVE-1999-0450
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
Microsoft Internet Information Server 3.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 4.0
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »