Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iis vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2000-0457
ISM.DLL in IIS 4.0 and 5.0 allows remote malicious users to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR&...
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
7.5
CVSSv2
CVE-2000-0260
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
Microsoft Visual Interdev 1.0
Microsoft Frontpage
2 EDB exploits
7.5
CVSSv2
CVE-1999-1591
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote malicious users to bypass authentication requirements, as demonstrated by connecting ...
Microsoft Internet Information Server 4.0
Microsoft Visual Interdev 6.0
7.5
CVSSv2
CVE-1999-1233
IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.
Microsoft Internet Information Server 4.0
7.5
CVSSv2
CVE-1999-0777
IIS FTP servers may allow a remote malicious user to read or delete files on the server, even if they have "No Access" permissions.
Microsoft Internet Information Server 4.0
Microsoft Commercial Internet System 2.5
7.5
CVSSv2
CVE-1999-1397
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.
Microsoft Index Server 2.0
7.5
CVSSv2
CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
1 EDB exploit
7.5
CVSSv2
CVE-1999-0349
A buffer overflow in the FTP list (ls) command in IIS allows remote malicious users to conduct a denial of service and, in some cases, execute arbitrary commands.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
7.5
CVSSv2
CVE-1999-0450
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
Microsoft Internet Information Server 3.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 4.0
1 EDB exploit
7.5
CVSSv2
CVE-1999-0253
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Services 1.0
Microsoft Internet Information Services 2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »