iis fix software vulnerabilities
vulnerabilities.aspcode.net
Searching iis fix software vulnerabilities
IIS 2.0 and 3.0 allows remote attackers to read
attackers
|
appending
|
source
|
allows
|
remote
|
pages
|
code
|
read
|
IIS
|
ASP
|
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
Denial of service in Windows NT IIS server usin
Windows
|
service
|
server
|
Denial
|
using
|
IIS
|
Denial of service in Windows NT IIS server using ..\..
In IIS, an attacker could determine a real path
non-existent
|
interpreted
|
determine
|
attacker
|
request
|
would
|
using
|
could
|
Perl
|
path
|
real
|
IIS
|
URL
|
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe) .
IIS has the #exec function enabled for Server S
function
|
enabled
|
Include
|
Server
|
#exec
|
Side
|
has
|
IIS
|
IIS has the #exec function enabled for Server Side Include (SSI) files.
The showcode.asp sample file in IIS and Site Se
showcodeasp
|
attackers
|
arbitrary
|
allows
|
remote
|
Server
|
sample
|
files
|
read
|
Site
|
file
|
IIS
|
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
The viewcode.asp sample file in IIS and Site Se
viewcodeasp
|
attackers
|
arbitrary
|
allows
|
remote
|
Server
|
sample
|
files
|
read
|
Site
|
file
|
IIS
|
The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
The code.asp sample file in IIS and Site Server
attackers
|
arbitrary
|
codeasp
|
allows
|
remote
|
Server
|
sample
|
files
|
read
|
Site
|
file
|
IIS
|
The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
The codebrws.asp sample file in IIS and Site Se
codebrwsasp
|
attackers
|
arbitrary
|
allows
|
remote
|
Server
|
sample
|
files
|
read
|
Site
|
file
|
IIS
|
The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
Buffer overflow in fpcount.exe in IIS 4.0 with
fpcountexe
|
Extensions
|
arbitrary
|
attackers
|
FrontPage
|
overflow
|
commands
|
execute
|
remote
|
Server
|
Buffer
|
allows
|
IIS
|
Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.
The Winmsdp.exe sample file in IIS 4.0 and Site
Winmsdpexe
|
attackers
|
arbitrary
|
allows
|
remote
|
Server
|
sample
|
files
|
read
|
Site
|
file
|
IIS
|
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.
When IIS 2 or 3 is upgraded to IIS 4, ism.dll i
/scripts/iisadmin
|
Administrator's
|
inadvertently
|
unauthorized
|
information
|
sensitive
|
including
|
restrict
|
password
|
upgraded
|
machine
|
allows
|
ismdll
|
server
|
access
|
local
|
which
|
does
|
user
|
gain
|
left
|
IIS
|
not
|
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
IIS 4.0 allows a remote attacker to obtain the
non-existent
|
requesting
|
extensions
|
pathname
|
document
|
attacker
|
remote
|
allows
|
obtain
|
files
|
root
|
real
|
IIS
|
idq
|
ida
|
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
IIS allows local users to cause a denial of ser
expressions
|
service
|
invalid
|
regular
|
allows
|
Visual
|
script
|
denial
|
Basic
|
cause
|
users
|
local
|
page
|
ASP
|
IIS
|
via
|
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
Sample Internet Data Query (IDQ) scripts in IIS
Internet
|
Sample
|
Query
|
Data
|
Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.
Microsoft Internet Information Server (IIS) 4.0
Information
|
Microsoft
|
Internet
|
Server
|
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.
Buffer overflow in jrun.dll in ColdFusion MX, w
ColdFusion
|
attackers
|
overflow
|
service
|
jrundll
|
remote
|
denial
|
Buffer
|
allows
|
cause
|
used
|
via
|
IIS
|
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
IBM WebSphere Application Server 5.0.2 (or any
Application
|
WebSphere
|
Server
|
IBM
|
IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token.
Unspecified vulnerability in E-Xoopport before
vulnerability
|
Unspecified
|
E-Xoopport
|
before
|
Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impact and attack vectors, as addressed by "Some security fix."
Unspecified vulnerability in the IIS connector
vulnerability
|
Unspecified
|
ColdFusion
|
Enterprise
|
Microsoft
|
connector
|
attackers
|
involving
|
service
|
request
|
vectors
|
Updater
|
denial
|
allows
|
remote
|
Adobe
|
using
|
cause
|
file
|
root
|
JRun
|
via
|
web
|
IIS
|
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.
Unspecified vulnerability in ReactOS 0.3.1 has
vulnerability
|
Unspecified
|
ReactOS
|
Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures.
Software vulnerabilities results 1 to 20 of 168
Page:
1
2
3
4
5
...
9
►