CVSS: 9.0EPSS: 78%CPEs: 19EXPL: 6CVE-2009-3023 – Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow
https://notcve.org/view.php?id=CVE-2009-3023
31 Aug 2009 — Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability." Un desbordamiento de búfer en el Servicio FTP en Internet Information Services (IIS) de Microsoft versiones 5.0 hasta 6.0, permite a los usuarios autenticados remotos ejecutar código arbitrario por medio de un com... • https://www.exploit-db.com/exploits/9559 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 2%CPEs: 3EXPL: 0CVE-2008-0074
https://notcve.org/view.php?id=CVE-2008-0074
12 Feb 2008 — Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. Vulnerabilidad no especificada en Microsoft Internet Information Services (IIS) de 5.0 a 7.0. Permite a usuarios locales conseguir privilegios a través de vectores desconocidos relacionados a notificaciones de cambios de archivos en las carpetas TPRoot, NNTPFile\Root, or WWWR... • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-6579
https://notcve.org/view.php?id=CVE-2006-6579
15 Dec 2006 — Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. Microsoft Windows XP tiene pérmisos débiles (FILE_WRITE_DATA y FILE_READ_DATA para cualquiera) para %WINDIR%\pchealth\ERRORREP\QHEADLES, lo cual permite a un usuario local escribir y leer archivos en esta carpet... • http://www.securityfocus.com/archive/1/454268/100/0/threaded •
CVSS: 8.4EPSS: 89%CPEs: 2EXPL: 1CVE-2006-0026 – Microsoft IIS - ASP Stack Overflow (MS06-034)
https://notcve.org/view.php?id=CVE-2006-0026
11 Jul 2006 — Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). Desbordamiento de búfer en Microsoft Internet Information Services (IIS) 5.0, 5.1, y 6.0 permite localmente y posiblemente a atacantes remotos ejecutar código de su elección a través de Active Server Pages (ASP) manipuladas. • https://www.exploit-db.com/exploits/2056 •
CVSS: 7.5EPSS: 61%CPEs: 2EXPL: 0CVE-2005-2678
https://notcve.org/view.php?id=CVE-2005-2678
23 Aug 2005 — Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. • http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html •
CVSS: 7.5EPSS: 82%CPEs: 2EXPL: 1CVE-2003-0718 – Microsoft IIS - WebDAV XML Denial of Service (MS04-030)
https://notcve.org/view.php?id=CVE-2003-0718
16 Oct 2004 — The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. El Manejador de Mensajes WebDAV de Internet Information Server (IIS) 5.0, 5.1, y 6.0 permite a atacantes remotos causar una denegación de servicio (consumición de memoria y CPU), caída de aplicación mediante un mensaje XML co... • https://www.exploit-db.com/exploits/585 •
CVSS: 6.8EPSS: 8%CPEs: 2EXPL: 0CVE-2003-0223
https://notcve.org/view.php?id=CVE-2003-0223
30 May 2003 — Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message. Vulnerabilidad de secuencias de comandos en sitios cruzados en la función ASP responsable de la redirección en el Microsoft Internet Information Server (IIS) 4.0, 5.0, y 5.1 permite que atacantes remotos embeban una URL que contiene script en un mensaje de redirección. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018 •
CVSS: 7.5EPSS: 42%CPEs: 2EXPL: 0CVE-2003-0225
https://notcve.org/view.php?id=CVE-2003-0225
30 May 2003 — The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. La función ASP Response.AddHeader en Microsoft Internet Information Server (IIS) 4.0 y 5.0 no limita peticiones de memoria cuando se construyen los encabezamientos, lo que permite que atacantes remotos generen un encabezamiento largo q... • http://marc.info/?l=ntbugtraq&m=105110606122772&w=2 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2002-1694
https://notcve.org/view.php?id=CVE-2002-1694
31 Dec 2002 — Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. • http://online.securityfocus.com/archive/1/250591 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2002-1695
https://notcve.org/view.php?id=CVE-2002-1695
31 Dec 2002 — Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running. • http://online.securityfocus.com/archive/1/250591 •