CVSS: 10.0EPSS: 68%CPEs: 7EXPL: 3CVE-1999-1011 – MS99-025 Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
https://notcve.org/view.php?id=CVE-1999-1011
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. • https://www.exploit-db.com/exploits/19425 https://www.exploit-db.com/exploits/19424 http://www.ciac.org/ciac/bulletins/j-054.shtml http://www.osvdb.org/272 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025 https://www.securityfocus.com/bid/529 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/iis/msadc.rb • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-1999-1537
https://notcve.org/view.php?id=CVE-1999-1537
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL. • http://marc.info/?l=ntbugtraq&m=93138827329577&w=2 http://www.securityfocus.com/bid/521 https://exchange.xforce.ibmcloud.com/vulnerabilities/2352 •
CVSS: 5.0EPSS: 89%CPEs: 2EXPL: 0CVE-1999-1478
https://notcve.org/view.php?id=CVE-1999-1478
The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. • http://marc.info/?l=ntbugtraq&m=93138827429589&w=2 http://marc.info/?l=ntbugtraq&m=93240220324183&w=2 http://www.securityfocus.com/bid/522 https://exchange.xforce.ibmcloud.com/vulnerabilities/2348 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-1999-0412 – Microsoft IIS 2.0/3.0/4.0 - ISAPI GetExtensionVersion()
https://notcve.org/view.php?id=CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. • https://www.exploit-db.com/exploits/19376 http://www.securityfocus.com/bid/501 •
CVSS: 5.0EPSS: 16%CPEs: 2EXPL: 2CVE-1999-1375 – Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files
https://notcve.org/view.php?id=CVE-1999-1375
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. • https://www.exploit-db.com/exploits/19194 http://marc.info/?l=ntbugtraq&m=91877455626320&w=2 http://www.securityfocus.com/bid/230 •