Page 3 of 15 results (0.010 seconds)

CVSS: 6.5EPSS: 96%CPEs: 2EXPL: 1

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). Desbordamiento de búfer en Microsoft Internet Information Services (IIS) 5.0, 5.1, y 6.0 permite localmente y posiblemente a atacantes remotos ejecutar código de su elección a través de Active Server Pages (ASP) manipuladas. • https://www.exploit-db.com/exploits/2056 http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html http://secunia.com/advisories/21006 http://securitytracker.com/id?1016466 http://www.kb.cert.org/vuls/id/395588 http://www.osvdb.org/27152 http://www.securityfocus.com/bid/18858 http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2752 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034 •

CVSS: 5.0EPSS: 12%CPEs: 2EXPL: 0

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. • http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html http://marc.info/?l=bugtraq&m=112474727903399&w=2 http://secunia.com/advisories/16548 http://www.vupen.com/english/advisories/2005/1503 •

CVSS: 5.0EPSS: 94%CPEs: 2EXPL: 1

The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. El Manejador de Mensajes WebDAV de Internet Information Server (IIS) 5.0, 5.1, y 6.0 permite a atacantes remotos causar una denegación de servicio (consumición de memoria y CPU), caída de aplicación mediante un mensaje XML conteniendo elementos XML con un gran número de atributos. • https://www.exploit-db.com/exploits/585 http://marc.info/?l=bugtraq&m=109762641822064&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/17645 https://exchange.xforce.ibmcloud.com/vulnerabilities/17656 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427 https://oval.cisecurity.org/repos •

CVSS: 10.0EPSS: 96%CPEs: 3EXPL: 6

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. • https://www.exploit-db.com/exploits/20930 https://www.exploit-db.com/exploits/16472 https://www.exploit-db.com/exploits/20931 https://www.exploit-db.com/exploits/20933 https://www.exploit-db.com/exploits/20932 http://www.cert.org/advisories/CA-2001-13.html http://www.ciac.org/ciac/bulletins/l-098.shtml http://www.iss.net/security_center/static/6705.php http://www.securityfocus.com/archive/1/191873 http://www.securityfocus.com/bid/2880 https://docs.microso •

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0

Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. • http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00276.html http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00277.html http://www.securityfocus.com/bid/190 •