CVE-2008-1446
https://notcve.org/view.php?id=CVE-2008-1446
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." Desbordamiento de entero en la extensión Internet Printing Protocol (IPP) ISAPI en Microsoft Internet Information Services (IIS) v5.0 hasta v7.0 en Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, y Server 2008, permite a atacantes remotos autenticados ejecutar código arbitrario a través de un petición HTTP POST que dispara un conexión IPP de salida desde un servidor Web a la máquina manejada por el atacante, también conocida como "Vulnerabilidad de servicio por Desbordamiento de entero en IPP". • http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://secunia.com/advisories/32248 http://www.kb.cert.org/vuls/id/793233 http://www.securityfocus.com/bid/31682 http://www.securitytracker.com/id?1021048 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/2813 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-062 https://exchange.xforce.ibmcloud.com/vulnerabilities/45545 https://exchange.xforce.ibmc • CWE-190: Integer Overflow or Wraparound •
CVE-2008-0074
https://notcve.org/view.php?id=CVE-2008-0074
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. Vulnerabilidad no especificada en Microsoft Internet Information Services (IIS) de 5.0 a 7.0. Permite a usuarios locales conseguir privilegios a través de vectores desconocidos relacionados a notificaciones de cambios de archivos en las carpetas TPRoot, NNTPFile\Root, or WWWRoot. • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28849 http://www.securityfocus.com/bid/27101 http://www.securitytracker.com/id?1019384 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0507/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5389 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-0026 – Microsoft IIS - ASP Stack Overflow (MS06-034)
https://notcve.org/view.php?id=CVE-2006-0026
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). Desbordamiento de búfer en Microsoft Internet Information Services (IIS) 5.0, 5.1, y 6.0 permite localmente y posiblemente a atacantes remotos ejecutar código de su elección a través de Active Server Pages (ASP) manipuladas. • https://www.exploit-db.com/exploits/2056 http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html http://secunia.com/advisories/21006 http://securitytracker.com/id?1016466 http://www.kb.cert.org/vuls/id/395588 http://www.osvdb.org/27152 http://www.securityfocus.com/bid/18858 http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2752 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034 •
CVE-2005-2678
https://notcve.org/view.php?id=CVE-2005-2678
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. • http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html http://marc.info/?l=bugtraq&m=112474727903399&w=2 http://secunia.com/advisories/16548 http://www.vupen.com/english/advisories/2005/1503 •
CVE-2005-2089
https://notcve.org/view.php?id=CVE-2005-2089
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." • http://seclists.org/lists/bugtraq/2005/Jun/0025.html http://www.securiteam.com/securityreviews/5GP0220G0U.html http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/42899 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •