CVSS: 10.0EPSS: 72%CPEs: 2EXPL: 0CVE-2008-0075
https://notcve.org/view.php?id=CVE-2008-0075
12 Feb 2008 — Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. Vulnerabilidad sin especificar en Microsoft Internet Information Services (IIS) de 5.1 a 6.0. Permite a atacantes remotos ejecutar código de su elección a través de entradas manipuladas para páginas ASP. • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 53%CPEs: 1EXPL: 0CVE-2007-2897
https://notcve.org/view.php?id=CVE-2007-2897
30 May 2007 — Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS dev... • http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0419.html •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2007-1278
https://notcve.org/view.php?id=CVE-2007-1278
16 Mar 2007 — Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. Vulnerabilidad no especificada en el conector IIS en Adobe JRun 4.0 Updater 6, y ColdFusion MX 6.1 y 7.0 Enterprise, cuando se utiliza Microsoft IIS 6, permite a atacantes remotos provocar denegación de servicio a través de vectores n... • http://osvdb.org/34039 •
CVSS: 7.8EPSS: 33%CPEs: 1EXPL: 0CVE-2007-0087
https://notcve.org/view.php?id=CVE-2007-0087
05 Jan 2007 — Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal ... • http://osvdb.org/33457 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-6579
https://notcve.org/view.php?id=CVE-2006-6579
15 Dec 2006 — Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. Microsoft Windows XP tiene pérmisos débiles (FILE_WRITE_DATA y FILE_READ_DATA para cualquiera) para %WINDIR%\pchealth\ERRORREP\QHEADLES, lo cual permite a un usuario local escribir y leer archivos en esta carpet... • http://www.securityfocus.com/archive/1/454268/100/0/threaded •
CVSS: 8.4EPSS: 89%CPEs: 2EXPL: 1CVE-2006-0026 – Microsoft IIS - ASP Stack Overflow (MS06-034)
https://notcve.org/view.php?id=CVE-2006-0026
11 Jul 2006 — Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). Desbordamiento de búfer en Microsoft Internet Information Services (IIS) 5.0, 5.1, y 6.0 permite localmente y posiblemente a atacantes remotos ejecutar código de su elección a través de Active Server Pages (ASP) manipuladas. • https://www.exploit-db.com/exploits/2056 •
CVSS: 7.5EPSS: 61%CPEs: 2EXPL: 0CVE-2005-2678
https://notcve.org/view.php?id=CVE-2005-2678
23 Aug 2005 — Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. • http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html •
CVSS: 7.5EPSS: 82%CPEs: 2EXPL: 1CVE-2003-0718 – Microsoft IIS - WebDAV XML Denial of Service (MS04-030)
https://notcve.org/view.php?id=CVE-2003-0718
16 Oct 2004 — The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. El Manejador de Mensajes WebDAV de Internet Information Server (IIS) 5.0, 5.1, y 6.0 permite a atacantes remotos causar una denegación de servicio (consumición de memoria y CPU), caída de aplicación mediante un mensaje XML co... • https://www.exploit-db.com/exploits/585 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2004-0205
https://notcve.org/view.php?id=CVE-2004-0205
14 Jul 2004 — Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. Desbordamiento de búfer en Microsoft Internet Information Server (IIS) 4.0 permite a usuarios locales ejecutar código de su elección mediante la función de redirección. • http://secunia.com/advisories/12061 •
CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 1CVE-2003-1342 – Trend Micro Virus Control System 1.8 - Denial of Service
https://notcve.org/view.php?id=CVE-2003-1342
31 Dec 2003 — Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe. • https://www.exploit-db.com/exploits/22172 • CWE-399: Resource Management Errors •