CVSS: 8.4EPSS: 89%CPEs: 2EXPL: 1CVE-2006-0026 – Microsoft IIS - ASP Stack Overflow (MS06-034)
https://notcve.org/view.php?id=CVE-2006-0026
11 Jul 2006 — Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). Desbordamiento de búfer en Microsoft Internet Information Services (IIS) 5.0, 5.1, y 6.0 permite localmente y posiblemente a atacantes remotos ejecutar código de su elección a través de Active Server Pages (ASP) manipuladas. • https://www.exploit-db.com/exploits/2056 •
CVSS: 7.5EPSS: 61%CPEs: 2EXPL: 0CVE-2005-2678
https://notcve.org/view.php?id=CVE-2005-2678
23 Aug 2005 — Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. • http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html •
CVSS: 7.5EPSS: 82%CPEs: 2EXPL: 1CVE-2003-0718 – Microsoft IIS - WebDAV XML Denial of Service (MS04-030)
https://notcve.org/view.php?id=CVE-2003-0718
16 Oct 2004 — The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. El Manejador de Mensajes WebDAV de Internet Information Server (IIS) 5.0, 5.1, y 6.0 permite a atacantes remotos causar una denegación de servicio (consumición de memoria y CPU), caída de aplicación mediante un mensaje XML co... • https://www.exploit-db.com/exploits/585 •
CVSS: 10.0EPSS: 91%CPEs: 3EXPL: 6CVE-2001-0500 – Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2001-0500
21 Jul 2001 — Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. • https://www.exploit-db.com/exploits/20930 •
CVSS: 9.8EPSS: 80%CPEs: 2EXPL: 9CVE-2001-0333 – Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution
https://notcve.org/view.php?id=CVE-2001-0333
27 Jun 2001 — Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. • https://www.exploit-db.com/exploits/20835 •
CVSS: 7.5EPSS: 30%CPEs: 1EXPL: 0CVE-2001-0334
https://notcve.org/view.php?id=CVE-2001-0334
27 Jun 2001 — FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.3EPSS: 37%CPEs: 1EXPL: 0CVE-2001-0335
https://notcve.org/view.php?id=CVE-2001-0335
27 Jun 2001 — FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. • http://www.securityfocus.com/bid/2719 •
CVSS: 7.5EPSS: 17%CPEs: 1EXPL: 1CVE-2001-0336 – Microsoft IIS 4.0/5.0 - FTP Denial of Service (MS01-026)
https://notcve.org/view.php?id=CVE-2001-0336
27 Jun 2001 — The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. • https://www.exploit-db.com/exploits/20846 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2001-0337
https://notcve.org/view.php?id=CVE-2001-0337
24 May 2001 — The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026 •
CVSS: 7.5EPSS: 12%CPEs: 2EXPL: 0CVE-2000-1090
https://notcve.org/view.php?id=CVE-2000-1090
02 Feb 2001 — Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character. • http://www.nsfocus.com/english/homepage/sa_08.htm •