Page 9 of 46 results (0.011 seconds)

CVSS: 5.0EPSS: 90%CPEs: 3EXPL: 1

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. • https://www.exploit-db.com/exploits/19897 http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html http://www.securityfocus.com/bid/1174 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. IIS 4.0 y 5.0 permite a atacantes remotos provocar una denegación de servicio enviando muchas URLs con un largo número de caracteres de escape, también conocida como la Vulnerabilidad "Myriad Escaped Characters". • http://www.securityfocus.com/bid/1101 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-023 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 95%CPEs: 7EXPL: 1

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. • https://www.exploit-db.com/exploits/19824 http://www.microsoft.com/technet/support/kb.asp?ID=249599 http://www.securityfocus.com/bid/1081 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019 •

CVSS: 5.0EPSS: 92%CPEs: 3EXPL: 0

IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. • http://marc.info/?l=bugtraq&m=94770020309953&w=2 http://marc.info/?l=bugtraq&m=94780058006791&w=2 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. • https://www.exploit-db.com/exploits/19376 http://www.securityfocus.com/bid/501 •