Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
internet information services vulnerabilities and exploits
(subscribe to this query)
534
VMScore
CVE-2009-4445
Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote malicious users to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a saf...
Microsoft Internet Information Services
505
VMScore
CVE-2000-0413
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote malicious users to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
Microsoft Frontpage
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
1 Github repository
668
VMScore
CVE-2000-0746
Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then...
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
Microsoft Frontpage
445
VMScore
CVE-2002-1695
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote malicious users to modify the log file contents while Norton Internet Security is running.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
Symantec Norton Internet Security 2001
300
VMScore
CVE-2002-0422
IIS 5 and 5.1 supporting WebDAV methods allows remote malicious users to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status resp...
Microsoft Internet Information Services 5.0
890
VMScore
CVE-2003-0224
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
Microsoft Internet Information Services 5.0
505
VMScore
CVE-2001-0151
IIS 5.0 allows remote malicious users to cause a denial of service via a series of malformed WebDAV requests.
Microsoft Internet Information Services 5.0
1 EDB exploit
505
VMScore
CVE-2001-1186
Microsoft IIS 5.0 allows remote malicious users to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.
Microsoft Internet Information Services 5.0
1 EDB exploit
668
VMScore
CVE-2001-0902
Microsoft IIS 5.0 allows remote malicious users to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.
Microsoft Internet Information Services 5.0
510
VMScore
CVE-2000-0778
IIS 5.0 allows remote malicious users to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
Microsoft Internet Information Services 5.0
2 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »