CVSS: 7.5EPSS: 93%CPEs: 8EXPL: 6CVE-2010-3332 – Microsoft ASP.NET - Padding Oracle (MS10-070)
https://notcve.org/view.php?id=CVE-2010-3332
22 Sep 2010 — Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." Microsoft .NET Framework versiones 1.1 SP1, 2.0 SP1 y SP2, 3.5, 3.5 SP1, 3... • https://www.exploit-db.com/exploits/15213 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2009-4445
https://notcve.org/view.php?id=CVE-2009-4445
29 Dec 2009 — Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerabil... • http://securitytracker.com/id?1023387 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-6579
https://notcve.org/view.php?id=CVE-2006-6579
15 Dec 2006 — Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. Microsoft Windows XP tiene pérmisos débiles (FILE_WRITE_DATA y FILE_READ_DATA para cualquiera) para %WINDIR%\pchealth\ERRORREP\QHEADLES, lo cual permite a un usuario local escribir y leer archivos en esta carpet... • http://www.securityfocus.com/archive/1/454268/100/0/threaded •
CVSS: 5.3EPSS: 1%CPEs: 4EXPL: 7CVE-2000-0649 – Microsoft IIS 2.0/3.0/4.0/5.0/5.1 - Internal IP Address Disclosure
https://notcve.org/view.php?id=CVE-2000-0649
13 Jul 2000 — IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 (win2k, XP) and older. However, in newer servers such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured. Also collects internal IPs leaked from the PROPFIND method in certain II... • https://packetstorm.news/files/id/181126 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 95%CPEs: 7EXPL: 1CVE-2000-0246 – Microsoft IIS 4.0 - UNC Mapped Virtual Host
https://notcve.org/view.php?id=CVE-2000-0246
30 Mar 2000 — IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. • https://www.exploit-db.com/exploits/19824 •
CVSS: 7.5EPSS: 90%CPEs: 2EXPL: 1CVE-1999-0154 – Microsoft IIS 2.0/3.0 - Appended Dot Script Source Disclosure
https://notcve.org/view.php?id=CVE-1999-0154
31 Dec 1999 — IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. • https://www.exploit-db.com/exploits/20481 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-1999-0412 – Microsoft IIS 2.0/3.0/4.0 - ISAPI GetExtensionVersion()
https://notcve.org/view.php?id=CVE-1999-0412
19 Feb 1999 — In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. • https://www.exploit-db.com/exploits/19376 •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1CVE-1999-0450 – Microsoft IIS 5.0 - IISAPI Extension Enumerate Root Web Server Directory
https://notcve.org/view.php?id=CVE-1999-0450
26 Jan 1999 — In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). • https://www.exploit-db.com/exploits/19152 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-1999-0281 – Microsoft IIS 2.0/3.0 - Long URL Denial of Service
https://notcve.org/view.php?id=CVE-1999-0281
01 Jun 1997 — Denial of service in IIS using long URLs. • https://www.exploit-db.com/exploits/20802 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-1999-0253
https://notcve.org/view.php?id=CVE-1999-0253
01 Jan 1997 — IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. • http://www.securityfocus.com/bid/1814 •