Page 2 of 9 results (0.005 seconds)

CVSS: 5.0EPSS: 96%CPEs: 1EXPL: 0

Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006 •

CVSS: 5.0EPSS: 93%CPEs: 1EXPL: 1

The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability. • https://www.exploit-db.com/exploits/19731 http://www.osvdb.org/1210 http://www.securityfocus.com/bid/950 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006 •

CVSS: 10.0EPSS: 68%CPEs: 7EXPL: 2

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. • https://www.exploit-db.com/exploits/19425 https://www.exploit-db.com/exploits/19424 http://www.ciac.org/ciac/bulletins/j-054.shtml http://www.osvdb.org/272 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025 https://www.securityfocus.com/bid/529 - • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed. • http://marc.info/?l=bugtraq&m=92242671024118&w=2 http://marc.info/?l=ntbugtraq&m=92223293409756&w=2 http://www.iss.net/security_center/static/7559.php http://www.securityfocus.com/bid/476 •