
CVSS: 8.2 • EPSS: 7% • CPEs: 2 • EXPL: 0

11 Nov 2014 — The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability." • http://www.securityfocus.com/bid/70937 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 8.2 • EPSS: 8% • CPEs: 4 • EXPL: 5

23 Apr 2014 — CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header. • http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e

CVSS: 10.0 • EPSS: 91% • CPEs: 1 • EXPL: 4

23 Dec 2010 — Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information. • https://packetstorm.news/files/id/180580 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 89% • CPEs: 8 • EXPL: 6

22 Sep 2010 — Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." • https://www.exploit-db.com/exploits/15213 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 7.5 • EPSS: 87% • CPEs: 2 • EXPL: 2

15 Sep 2010 — Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." • https://packetstorm.news/files/id/180584 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 16% • CPEs: 1 • EXPL: 0

15 Sep 2010 — Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.1 • EPSS: 58% • CPEs: 2 • EXPL: 0

29 Dec 2009 — Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file. • http://blogs.technet.com/msrc/archive/2009/12/27/new-reports-of-a-vulnerability-in-iis.aspx

CVSS: 9.1 • EPSS: 13% • CPEs: 1 • EXPL: 0

29 Dec 2009 — Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerabil... • http://securitytracker.com/id?1023387 • CWE-20: Improper Input Validation

CVSS: 6.5 • EPSS: 60% • CPEs: 1 • EXPL: 3

04 Sep 2009 — Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability." • https://packetstorm.news/files/id/180573 • CWE-400: Uncontrolled Resource Consumption

CVSS: 9.1 • EPSS: 92% • CPEs: 2 • EXPL: 3

10 Jun 2009 — The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535. • https://packetstorm.news/files/id/181127 • CWE-287: Improper Authentication