Search Results (Refine Search)
- Keyword (text search): iis
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-1999-0736 |
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. Published: May 07, 1999; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-1999-0737 |
The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. Published: May 07, 1999; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-1999-0738 |
The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. Published: May 07, 1999; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-1999-0739 |
The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. Published: May 07, 1999; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-1999-1397 |
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed. Published: March 23, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-1999-0412 |
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. Published: February 19, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-1999-0407 |
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. Published: February 09, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-1999-0360 |
MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. Published: January 30, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-1999-0348 |
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. Published: January 27, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-1999-0349 |
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. Published: January 27, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-1999-0449 |
The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. Published: January 26, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-1999-0450 |
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). Published: January 26, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-1999-1544 |
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. Published: January 24, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-1999-1376 |
Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. Published: January 14, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-1999-1538 |
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. Published: January 14, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-1999-0448 |
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. Published: January 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-1999-0561 |
IIS has the #exec function enabled for Server Side Include (SSI) files. Published: January 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-1999-0278 |
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. Published: June 01, 1998; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-1999-0191 |
IIS newdsn.exe CGI script allows remote users to overwrite files. Published: September 01, 1997; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-1999-0281 |
Denial of service in IIS using long URLs. Published: June 01, 1997; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |