CVSS: 7.5EPSS: 67%CPEs: 2EXPL: 0CVE-2002-0075
https://notcve.org/view.php?id=CVE-2002-0075
22 Apr 2002 — Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. Vulnerabilidad de secuencias de comandos en sitios cruzados (Cross-site scripting) en Internet Information Server 4.0, 5.0 y 5.1 permite a atacantes remotos ejecutar scripts arbitrarios como otros usuarios del web mediante el mensaje de error usado en una redirección de URL. • http://marc.info/?l=bugtraq&m=101854677802990&w=2 •
CVSS: 9.8EPSS: 84%CPEs: 2EXPL: 4CVE-2002-0079 – Microsoft IIS 4.0/5.0 - Chunked Encoding Transfer Heap Overflow
https://notcve.org/view.php?id=CVE-2002-0079
22 Apr 2002 — Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. Desbordamiento de buffer en el mecanismo de transferencia de codificación troceada (chunked encoding) en Active Server Pages (ASP) de Internet Information Server (IIS) 4.0 y 5.0, que permite a atacantes causar una denegación de servicio o ejecutar código arbitrario. • https://www.exploit-db.com/exploits/21369 •
CVSS: 9.1EPSS: 51%CPEs: 2EXPL: 0CVE-2002-0147
https://notcve.org/view.php?id=CVE-2002-0147
22 Apr 2002 — Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." Desbordamiento de buffer en el mecanismo de transferencia de datos de Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos causar una denegación de servicio o ejecutar código, tambien conocido como "Variante del desbordamiento de buffer en c... • http://www.cert.org/advisories/CA-2002-09.html •
CVSS: 7.5EPSS: 72%CPEs: 2EXPL: 1CVE-2002-0148 – Microsoft IIS 4.0/5.0 - HTTP Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0148
22 Apr 2002 — Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. Vulnerabildad de secuencias de comandos en sitios cruzados (cross-site scripting) en Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos ejecutar código arbitrario como otros usuarios mediatne una página de error HTTP. • https://www.exploit-db.com/exploits/21372 •
CVSS: 9.8EPSS: 49%CPEs: 2EXPL: 0CVE-2002-0149
https://notcve.org/view.php?id=CVE-2002-0149
22 Apr 2002 — Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. Desbordamiento de buffer en las funciones de inclusión de ficheros en el servidor (server-side include) de ASP en IIS 4.0, 5.0 y 5.1 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante nombres de fichero largos. • http://www.cert.org/advisories/CA-2002-09.html •
CVSS: 9.8EPSS: 67%CPEs: 2EXPL: 0CVE-2002-0150
https://notcve.org/view.php?id=CVE-2002-0150
22 Apr 2002 — Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. Desbordamiento de buffer en Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos falsificar la comprobación de seguridad de cabeceras HTTP y causar una denegación de servicio o ejecutar código arbitrario mediante valores de campos de las cabeceras HTTP. • http://www.cert.org/advisories/CA-2002-09.html •
CVSS: 7.8EPSS: 80%CPEs: 2EXPL: 2CVE-2001-0506 – Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation
https://notcve.org/view.php?id=CVE-2001-0506
20 Sep 2001 — Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. • https://www.exploit-db.com/exploits/21071 •
CVSS: 10.0EPSS: 91%CPEs: 3EXPL: 6CVE-2001-0500 – Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2001-0500
21 Jul 2001 — Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. • https://www.exploit-db.com/exploits/20930 •
CVSS: 5.5EPSS: 25%CPEs: 2EXPL: 3CVE-2001-1243 – Microsoft IIS 4.0/5.0 - Device File Local Denial of Service
https://notcve.org/view.php?id=CVE-2001-1243
04 Jul 2001 — Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. • https://www.exploit-db.com/exploits/20989 •
CVSS: 7.5EPSS: 30%CPEs: 1EXPL: 0CVE-2001-0334
https://notcve.org/view.php?id=CVE-2001-0334
27 Jun 2001 — FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026 • CWE-131: Incorrect Calculation of Buffer Size •