CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-6579
https://notcve.org/view.php?id=CVE-2006-6579
15 Dec 2006 — Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. Microsoft Windows XP tiene pérmisos débiles (FILE_WRITE_DATA y FILE_READ_DATA para cualquiera) para %WINDIR%\pchealth\ERRORREP\QHEADLES, lo cual permite a un usuario local escribir y leer archivos en esta carpet... • http://www.securityfocus.com/archive/1/454268/100/0/threaded •
CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 1CVE-2003-1342 – Trend Micro Virus Control System 1.8 - Denial of Service
https://notcve.org/view.php?id=CVE-2003-1342
31 Dec 2003 — Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe. • https://www.exploit-db.com/exploits/22172 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 26%CPEs: 1EXPL: 0CVE-2001-0709
https://notcve.org/view.php?id=CVE-2001-0709
29 Aug 2001 — Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. • http://www.securityfocus.com/archive/1/192802 •
CVSS: 10.0EPSS: 91%CPEs: 3EXPL: 6CVE-2001-0500 – Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2001-0500
21 Jul 2001 — Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. • https://www.exploit-db.com/exploits/20930 •
CVSS: 9.8EPSS: 80%CPEs: 2EXPL: 9CVE-2001-0333 – Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution
https://notcve.org/view.php?id=CVE-2001-0333
27 Jun 2001 — Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. • https://www.exploit-db.com/exploits/20835 •
CVSS: 7.5EPSS: 30%CPEs: 1EXPL: 0CVE-2001-0334
https://notcve.org/view.php?id=CVE-2001-0334
27 Jun 2001 — FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.3EPSS: 37%CPEs: 1EXPL: 0CVE-2001-0335
https://notcve.org/view.php?id=CVE-2001-0335
27 Jun 2001 — FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. • http://www.securityfocus.com/bid/2719 •
CVSS: 7.5EPSS: 17%CPEs: 1EXPL: 1CVE-2001-0336 – Microsoft IIS 4.0/5.0 - FTP Denial of Service (MS01-026)
https://notcve.org/view.php?id=CVE-2001-0336
27 Jun 2001 — The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. • https://www.exploit-db.com/exploits/20846 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2001-0337
https://notcve.org/view.php?id=CVE-2001-0337
24 May 2001 — The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026 •
CVSS: 7.5EPSS: 48%CPEs: 3EXPL: 0CVE-2000-0631
https://notcve.org/view.php?id=CVE-2000-0631
14 Jul 2000 — An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability. • http://marc.info/?l=bugtraq&m=96390444022878&w=2 •