Page 6 of 31 results (0.011 seconds)

CVSS: 5.0EPSS: 95%CPEs: 7EXPL: 1

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. • https://www.exploit-db.com/exploits/19824 http://www.microsoft.com/technet/support/kb.asp?ID=249599 http://www.securityfocus.com/bid/1081 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019 •

CVSS: 5.0EPSS: 90%CPEs: 2EXPL: 1

IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. • https://www.exploit-db.com/exploits/20481 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0154 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. • https://www.exploit-db.com/exploits/19376 http://www.securityfocus.com/bid/501 •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). • https://www.exploit-db.com/exploits/19152 http://www.securityfocus.com/bid/194 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1

Denial of service in IIS using long URLs. • https://www.exploit-db.com/exploits/20802 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0281 •