Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
internet information server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-6579
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read acc...
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server
Microsoft Internet Information Services 1.0
Microsoft Internet Information Services 2.0
NA
CVE-2000-0649
IIS 4.0 allows remote malicious users to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
1 Metasploit module
7 Github repositories
NA
CVE-1999-0450
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
Microsoft Internet Information Server 3.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 4.0
1 EDB exploit
NA
CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
1 EDB exploit
NA
CVE-2000-0071
IIS 4.0 allows a remote malicious user to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
NA
CVE-2000-0631
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote malicious users to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
NA
CVE-2001-0333
Directory traversal vulnerability in IIS 5.0 and previous versions allows remote malicious users to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server
9 EDB exploits
NA
CVE-1999-0349
A buffer overflow in the FTP list (ls) command in IIS allows remote malicious users to conduct a denial of service and, in some cases, execute arbitrary commands.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
NA
CVE-1999-1544
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote malicious users to cause a denial of service via a long NLST (ls) command.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server 3.0
NA
CVE-2000-0114
Frontpage Server Extensions allows remote malicious users to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »