Page 28 of 247 results (0.009 seconds)

CVSS: 6.8EPSS: 14%CPEs: 2EXPL: 3

CVE-2006-0015 – Microsoft FrontPage - Server Extensions Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2006-0015

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters. • https://www.exploit-db.com/exploits/27620 http://secunia.com/advisories/19623 http://securityreason.com/securityalert/704 http://securitytracker.com/id?1015895 http://securitytracker.com/id?1015896 http://www.argeniss.com/research/ARGENISS-ADV-040602.txt http://www.securityfocus.com/archive/1/430803/100/0/threaded http://www.securityfocus.com/bid/17452 http://www.vupen.com/english/advisories/2006/1322 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017 •

CVSS: 7.8EPSS: 96%CPEs: 2EXPL: 4

CVE-2005-4360 – Microsoft IIS - HTTP Request Denial of Service

https://notcve.org/view.php?id=CVE-2005-4360

The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot). • https://www.exploit-db.com/exploits/1376 https://www.exploit-db.com/exploits/1377 http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html http://secunia.com/advisories/18106 http://securityreason.com/securityalert/271 http://securitytracker.com/alerts/2005/Dec/1015376.html http://www.osvdb.org/21805 http://www.securityfocus.com/archive/1/419707/100/0/threaded http://www.securityfocus. • CWE-252: Unchecked Return Value •

CVSS: 5.0EPSS: 12%CPEs: 2EXPL: 0

CVE-2005-2678

https://notcve.org/view.php?id=CVE-2005-2678

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. • http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html http://marc.info/?l=bugtraq&m=112474727903399&w=2 http://secunia.com/advisories/16548 http://www.vupen.com/english/advisories/2005/1503 •

CVSS: 4.3EPSS: 39%CPEs: 2EXPL: 0

CVE-2005-2089

https://notcve.org/view.php?id=CVE-2005-2089

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." • http://seclists.org/lists/bugtraq/2005/Jun/0025.html http://www.securiteam.com/securityreviews/5GP0220G0U.html http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/42899 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 5.1EPSS: 15%CPEs: 49EXPL: 0

CVE-2005-1214

https://notcve.org/view.php?id=CVE-2005-1214

Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page. Microsoft Agent permite a los atacantes remotos falsificar contenido de Internet de confianza y ejecutar código arbitrario disfrazando las indicaciones de seguridad en una página web maliciosa. • http://secunia.com/advisories/15689 http://www.securityfocus.com/bid/13948 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-032 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1194 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A682 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A906 •