CVSS: 5.0EPSS: 10%CPEs: 1EXPL: 4CVE-2003-1566 – Microsoft IIS 5.0 - Failure To Log Undocumented TRACK Requests
https://notcve.org/view.php?id=CVE-2003-1566
Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection. Microsoft Internet Information Services (IIS) v5.0 no registra las peticiones que usan el método TRACK, lo que permite a atacantes remotos obtener información sensible sin ser detectados. • https://www.exploit-db.com/exploits/23490 http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html http://www.aqtronix.com/Advisories/AQ-2003-02.txt http://www.osvdb.org/4864 http://www.securityfocus.com/bid/9313 https://exchange.xforce.ibmcloud.com/vulnerabilities/14077 • CWE-16: Configuration •
CVSS: 10.0EPSS: 12%CPEs: 53EXPL: 0CVE-2008-3009
https://notcve.org/view.php?id=CVE-2008-3009
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." Microsoft Windows Media Player v6.4, Windows Media Format Runtime v7.1 a v11, y Windows Media Services v4.1, v9, y 2008 no usan apropiadamente el identificador Service Principal Name (SPN) al validar respuestas a peticiones de autenticación, lo que permite a servidores remotos ejecutar código de su elección mediante vectores que emplean reflexión de credenciales NTLM, alias "Vulnerabilidad SPN". • http://secunia.com/advisories/33058 http://www.securityfocus.com/bid/32653 http://www.securitytracker.com/id?1021372 http://www.securitytracker.com/id?1021373 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3388 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5942 • CWE-255: Credentials Management Errors •
CVSS: 4.3EPSS: 94%CPEs: 41EXPL: 1CVE-2008-4033 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
https://notcve.org/view.php?id=CVE-2008-4033
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expression Web, Office, Internet Explorer y otros productos; permite a atacantes remotos obtener información sensible de otro dominio y corromper el estado de la sesión a través de solicitudes de campos de cabecera HTTP, como se ha demostrado con el campo Transfer-Encoding. También se conoce como "Vulnerabilidad de la solicitud de la cabecera MSXML". • https://www.exploit-db.com/exploits/7196 http://marc.info/?l=bugtraq&m=122703006921213&w=2 http://securitytracker.com/id?1021164 http://www.securityfocus.com/bid/32204 http://www.us-cert.gov/cas/techalerts/TA08-316A.html http://www.vupen.com/english/advisories/2008/3111 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 95%CPEs: 8EXPL: 0CVE-2008-1446
https://notcve.org/view.php?id=CVE-2008-1446
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." Desbordamiento de entero en la extensión Internet Printing Protocol (IPP) ISAPI en Microsoft Internet Information Services (IIS) v5.0 hasta v7.0 en Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, y Server 2008, permite a atacantes remotos autenticados ejecutar código arbitrario a través de un petición HTTP POST que dispara un conexión IPP de salida desde un servidor Web a la máquina manejada por el atacante, también conocida como "Vulnerabilidad de servicio por Desbordamiento de entero en IPP". • http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://secunia.com/advisories/32248 http://www.kb.cert.org/vuls/id/793233 http://www.securityfocus.com/bid/31682 http://www.securitytracker.com/id?1021048 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/2813 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-062 https://exchange.xforce.ibmcloud.com/vulnerabilities/45545 https://exchange.xforce.ibmc • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2008-4300
https://notcve.org/view.php?id=CVE-2008-4300
A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. Un determinado control ActiveX en la biblioteca adsiis.dll en Internet Information Services (IIS) Microsoft, permite a los atacantes remotos causar una denegación de servicio (bloqueo del navegador) por medio de una cadena larga en el segundo argumento al método GetObject. NOTA: este problema fue revelado por un investigador poco confiable, por lo que podría ser incorrecto. • http://securityreason.com/securityalert/4325 http://www.securityfocus.com/archive/1/496696/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/45584 •