CVSS: 9.8EPSS: 49%CPEs: 2EXPL: 0CVE-2002-0149
https://notcve.org/view.php?id=CVE-2002-0149
22 Apr 2002 — Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. Desbordamiento de buffer en las funciones de inclusión de ficheros en el servidor (server-side include) de ASP en IIS 4.0, 5.0 y 5.1 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante nombres de fichero largos. • http://www.cert.org/advisories/CA-2002-09.html •
CVSS: 9.8EPSS: 67%CPEs: 2EXPL: 0CVE-2002-0150
https://notcve.org/view.php?id=CVE-2002-0150
22 Apr 2002 — Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. Desbordamiento de buffer en Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos falsificar la comprobación de seguridad de cabeceras HTTP y causar una denegación de servicio o ejecutar código arbitrario mediante valores de campos de las cabeceras HTTP. • http://www.cert.org/advisories/CA-2002-09.html •
CVSS: 7.5EPSS: 16%CPEs: 1EXPL: 0CVE-2001-0545
https://notcve.org/view.php?id=CVE-2001-0545
30 Oct 2001 — IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. • http://www.ciac.org/ciac/bulletins/l-132.shtml •
CVSS: 7.8EPSS: 80%CPEs: 2EXPL: 2CVE-2001-0506 – Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation
https://notcve.org/view.php?id=CVE-2001-0506
20 Sep 2001 — Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. • https://www.exploit-db.com/exploits/21071 •
CVSS: 7.5EPSS: 26%CPEs: 1EXPL: 0CVE-2001-0709
https://notcve.org/view.php?id=CVE-2001-0709
29 Aug 2001 — Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. • http://www.securityfocus.com/archive/1/192802 •
CVSS: 10.0EPSS: 91%CPEs: 3EXPL: 6CVE-2001-0500 – Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2001-0500
21 Jul 2001 — Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. • https://www.exploit-db.com/exploits/20930 •
CVSS: 5.5EPSS: 25%CPEs: 2EXPL: 3CVE-2001-1243 – Microsoft IIS 4.0/5.0 - Device File Local Denial of Service
https://notcve.org/view.php?id=CVE-2001-1243
04 Jul 2001 — Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. • https://www.exploit-db.com/exploits/20989 •
CVSS: 9.8EPSS: 80%CPEs: 2EXPL: 9CVE-2001-0333 – Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution
https://notcve.org/view.php?id=CVE-2001-0333
27 Jun 2001 — Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. • https://www.exploit-db.com/exploits/20835 •
CVSS: 7.5EPSS: 30%CPEs: 1EXPL: 0CVE-2001-0334
https://notcve.org/view.php?id=CVE-2001-0334
27 Jun 2001 — FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.3EPSS: 37%CPEs: 1EXPL: 0CVE-2001-0335
https://notcve.org/view.php?id=CVE-2001-0335
27 Jun 2001 — FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. • http://www.securityfocus.com/bid/2719 •