CVSS: 9.1EPSS: 51%CPEs: 2EXPL: 0CVE-2002-0147
https://notcve.org/view.php?id=CVE-2002-0147
22 Apr 2002 — Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." Desbordamiento de buffer en el mecanismo de transferencia de datos de Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos causar una denegación de servicio o ejecutar código, tambien conocido como "Variante del desbordamiento de buffer en c... • http://www.cert.org/advisories/CA-2002-09.html •
CVSS: 7.5EPSS: 72%CPEs: 2EXPL: 1CVE-2002-0148 – Microsoft IIS 4.0/5.0 - HTTP Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0148
22 Apr 2002 — Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. Vulnerabildad de secuencias de comandos en sitios cruzados (cross-site scripting) en Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos ejecutar código arbitrario como otros usuarios mediatne una página de error HTTP. • https://www.exploit-db.com/exploits/21372 •
CVSS: 9.8EPSS: 49%CPEs: 2EXPL: 0CVE-2002-0149
https://notcve.org/view.php?id=CVE-2002-0149
22 Apr 2002 — Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. Desbordamiento de buffer en las funciones de inclusión de ficheros en el servidor (server-side include) de ASP en IIS 4.0, 5.0 y 5.1 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante nombres de fichero largos. • http://www.cert.org/advisories/CA-2002-09.html •
CVSS: 9.8EPSS: 67%CPEs: 2EXPL: 0CVE-2002-0150
https://notcve.org/view.php?id=CVE-2002-0150
22 Apr 2002 — Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. Desbordamiento de buffer en Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos falsificar la comprobación de seguridad de cabeceras HTTP y causar una denegación de servicio o ejecutar código arbitrario mediante valores de campos de las cabeceras HTTP. • http://www.cert.org/advisories/CA-2002-09.html •
CVSS: 7.8EPSS: 80%CPEs: 2EXPL: 2CVE-2001-0506 – Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation
https://notcve.org/view.php?id=CVE-2001-0506
20 Sep 2001 — Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. • https://www.exploit-db.com/exploits/21071 •
CVSS: 5.5EPSS: 25%CPEs: 2EXPL: 3CVE-2001-1243 – Microsoft IIS 4.0/5.0 - Device File Local Denial of Service
https://notcve.org/view.php?id=CVE-2001-1243
04 Jul 2001 — Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. • https://www.exploit-db.com/exploits/20989 •
CVSS: 7.5EPSS: 76%CPEs: 2EXPL: 0CVE-2001-0004
https://notcve.org/view.php?id=CVE-2001-0004
12 Feb 2001 — IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. • http://marc.info/?l=bugtraq&m=97897954625305&w=2 •
CVSS: 7.5EPSS: 55%CPEs: 2EXPL: 0CVE-2001-0096
https://notcve.org/view.php?id=CVE-2001-0096
12 Feb 2001 — FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-100 •
CVSS: 9.8EPSS: 90%CPEs: 2EXPL: 9CVE-2000-0884 – Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal
https://notcve.org/view.php?id=CVE-2000-0884
19 Dec 2000 — IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. • https://www.exploit-db.com/exploits/20298 •
CVSS: 9.8EPSS: 90%CPEs: 2EXPL: 1CVE-2000-0886 – Microsoft IIS 4.0/5.0 - Executable File Parsing
https://notcve.org/view.php?id=CVE-2000-0886
19 Dec 2000 — IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. • https://www.exploit-db.com/exploits/20384 •