96 results (0.005 seconds)

CVSS: 9.0EPSS: 97%CPEs: 19EXPL: 7

CVE-2009-3023 – MS09-053 Microsoft IIS FTP Server NLST Response Overflow

https://notcve.org/view.php?id=CVE-2009-3023

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability." Un desbordamiento de búfer en el Servicio FTP en Internet Information Services (IIS) de Microsoft versiones 5.0 hasta 6.0, permite a los usuarios autenticados remotos ejecutar código arbitrario por medio de un comando NLST (LISTA DE NOMBRES) diseñado que utiliza comodines, conllevando a la corrupción de memoria, también se conoce como "IIS FTP Service RCE and DoS Vulnerability". • https://www.exploit-db.com/exploits/9559 https://www.exploit-db.com/exploits/9541 https://www.exploit-db.com/exploits/16740 http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191 http://www.exploit-db.com/exploits/9541 http://www.exploit-db.com/exploits/9559 http://www.kb.cert.org/vuls/id/276653 http://www.securityfocus.com/bid/36189 http://www.us-cert.gov/cas/techalerts/TA09-286A.html http://www.vupen.com/english/advisories/2009/2481 https& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0

CVE-2006-6579

https://notcve.org/view.php?id=CVE-2006-6579

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. Microsoft Windows XP tiene pérmisos débiles (FILE_WRITE_DATA y FILE_READ_DATA para cualquiera) para %WINDIR%\pchealth\ERRORREP\QHEADLES, lo cual permite a un usuario local escribir y leer archivos en esta carpeta, como se demostró con un shell ASP que tiene permisos de escritura por IWAM_machine y permiso de lectura por IUSR_Machine. • http://www.securityfocus.com/archive/1/454268/100/0/threaded •

CVSS: 7.2EPSS: 3%CPEs: 5EXPL: 0

CVE-2004-0205

https://notcve.org/view.php?id=CVE-2004-0205

Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. Desbordamiento de búfer en Microsoft Internet Information Server (IIS) 4.0 permite a usuarios locales ejecutar código de su elección mediante la función de redirección. • http://secunia.com/advisories/12061 http://www.ciac.org/ciac/bulletins/o-179.shtml http://www.kb.cert.org/vuls/id/717748 http://www.osvdb.org/7799 http://www.securityfocus.com/bid/10706 http://www.us-cert.gov/cas/techalerts/TA04-196A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-021 https://exchange.xforce.ibmcloud.com/vulnerabilities/16578 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2204 •

CVSS: 5.0EPSS: 13%CPEs: 3EXPL: 1

CVE-2003-1342 – Trend Micro Virus Control System 1.8 - Denial of Service

https://notcve.org/view.php?id=CVE-2003-1342

Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe. • https://www.exploit-db.com/exploits/22172 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html http://secunia.com/advisories/7881 http://www.osvdb.org/6185 http://www.securityfocus.com/bid/6617 https://exchange.xforce.ibmcloud.com/vulnerabilities/11060 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 9%CPEs: 2EXPL: 0

CVE-2003-0225

https://notcve.org/view.php?id=CVE-2003-0225

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. La función ASP Response.AddHeader en Microsoft Internet Information Server (IIS) 4.0 y 5.0 no limita peticiones de memoria cuando se construyen los encabezamientos, lo que permite que atacantes remotos generen un encabezamiento largo que causa una denegación de servicio (agotamiento de memoria) con una página ASP. • http://marc.info/?l=ntbugtraq&m=105110606122772&w=2 http://www.aqtronix.com/Advisories/AQ-2003-01.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A373 •