Page 6 of 46 results (0.006 seconds)

CVSS: 5.0EPSS: 5%CPEs: 2EXPL: 3

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. • https://www.exploit-db.com/exploits/20989 https://www.exploit-db.com/exploits/20991 http://www.iss.net/security_center/static/6800.php http://www.securityfocus.com/archive/1/194919 http://www.securityfocus.com/bid/2973 •

CVSS: 5.0EPSS: 87%CPEs: 2EXPL: 0

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. • http://marc.info/?l=bugtraq&m=97897954625305&w=2 http://www.securityfocus.com/bid/2313 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/5903 •

CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 0

FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-100 https://exchange.xforce.ibmcloud.com/vulnerabilities/5823 •

CVSS: 7.5EPSS: 96%CPEs: 2EXPL: 1

IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. • https://www.exploit-db.com/exploits/20384 http://www.securityfocus.com/bid/1912 http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05& https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-086 https://exchange.xforce.ibmcloud.com/vulnerabilities/5470 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A191 •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. • http://www.acrossecurity.com/aspr/ASPR-2000-07-22-1-PUB.txt http://www.osvdb.org/7265 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-080 https://exchange.xforce.ibmcloud.com/vulnerabilities/5396 •