CVSS: 7.8EPSS: 80%CPEs: 2EXPL: 2CVE-2001-0506 – Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation
https://notcve.org/view.php?id=CVE-2001-0506
20 Sep 2001 — Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. • https://www.exploit-db.com/exploits/21071 •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 1CVE-2001-0507 – Microsoft IIS 5.0 - In-Process Table Privilege Escalation
https://notcve.org/view.php?id=CVE-2001-0507
20 Sep 2001 — IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. • https://www.exploit-db.com/exploits/21072 •
CVSS: 7.5EPSS: 44%CPEs: 1EXPL: 0CVE-2001-0508
https://notcve.org/view.php?id=CVE-2001-0508
20 Sep 2001 — Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. • http://online.securityfocus.com/archive/1/182579 •
CVSS: 5.5EPSS: 25%CPEs: 2EXPL: 3CVE-2001-1243 – Microsoft IIS 4.0/5.0 - Device File Local Denial of Service
https://notcve.org/view.php?id=CVE-2001-1243
04 Jul 2001 — Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. • https://www.exploit-db.com/exploits/20989 •
CVSS: 7.5EPSS: 84%CPEs: 1EXPL: 1CVE-2001-0151 – Microsoft IIS 5.0 - WebDAV Denial of Service
https://notcve.org/view.php?id=CVE-2001-0151
07 May 2001 — IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. • https://www.exploit-db.com/exploits/20664 •
CVSS: 7.5EPSS: 12%CPEs: 2EXPL: 0CVE-2001-0146
https://notcve.org/view.php?id=CVE-2001-0146
09 Mar 2001 — IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. • http://www.kb.cert.org/vuls/id/796584 •
CVSS: 7.5EPSS: 76%CPEs: 2EXPL: 0CVE-2001-0004
https://notcve.org/view.php?id=CVE-2001-0004
12 Feb 2001 — IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. • http://marc.info/?l=bugtraq&m=97897954625305&w=2 •
CVSS: 7.5EPSS: 55%CPEs: 2EXPL: 0CVE-2001-0096
https://notcve.org/view.php?id=CVE-2001-0096
12 Feb 2001 — FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-100 •
CVSS: 9.8EPSS: 90%CPEs: 2EXPL: 9CVE-2000-0884 – Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal
https://notcve.org/view.php?id=CVE-2000-0884
19 Dec 2000 — IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. • https://www.exploit-db.com/exploits/20298 •
CVSS: 9.8EPSS: 90%CPEs: 2EXPL: 1CVE-2000-0886 – Microsoft IIS 4.0/5.0 - Executable File Parsing
https://notcve.org/view.php?id=CVE-2000-0886
19 Dec 2000 — IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. • https://www.exploit-db.com/exploits/20384 •