iis software vulnerabilities
vulnerabilities.aspcode.net
Searching iis software vulnerabilities
IIS 2.0 and 3.0 allows remote attackers to read
attackers
|
appending
|
source
|
allows
|
remote
|
pages
|
code
|
read
|
IIS
|
ASP
|
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
IIS 3.0 with the iis-fix hotfix installed allow
installed
|
intruders
|
programs
|
instead
|
iis-fix
|
source
|
allows
|
hotfix
|
remote
|
using
|
read
|
code
|
IIS
|
%2e
|
ASP
|
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
In IIS, an attacker could determine a real path
non-existent
|
interpreted
|
determine
|
attacker
|
request
|
would
|
using
|
could
|
Perl
|
path
|
real
|
IIS
|
URL
|
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe) .
IIS has the #exec function enabled for Server S
function
|
enabled
|
Include
|
Server
|
#exec
|
Side
|
has
|
IIS
|
IIS has the #exec function enabled for Server Side Include (SSI) files.
The showcode.asp sample file in IIS and Site Se
showcodeasp
|
attackers
|
arbitrary
|
allows
|
remote
|
Server
|
sample
|
files
|
read
|
Site
|
file
|
IIS
|
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
The viewcode.asp sample file in IIS and Site Se
viewcodeasp
|
attackers
|
arbitrary
|
allows
|
remote
|
Server
|
sample
|
files
|
read
|
Site
|
file
|
IIS
|
The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
The code.asp sample file in IIS and Site Server
attackers
|
arbitrary
|
codeasp
|
allows
|
remote
|
Server
|
sample
|
files
|
read
|
Site
|
file
|
IIS
|
The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
The codebrws.asp sample file in IIS and Site Se
codebrwsasp
|
attackers
|
arbitrary
|
allows
|
remote
|
Server
|
sample
|
files
|
read
|
Site
|
file
|
IIS
|
The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
Buffer overflow in fpcount.exe in IIS 4.0 with
fpcountexe
|
Extensions
|
arbitrary
|
attackers
|
FrontPage
|
overflow
|
commands
|
execute
|
remote
|
Server
|
Buffer
|
allows
|
IIS
|
Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.
The Winmsdp.exe sample file in IIS 4.0 and Site
Winmsdpexe
|
attackers
|
arbitrary
|
allows
|
remote
|
Server
|
sample
|
files
|
read
|
Site
|
file
|
IIS
|
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.
When IIS 2 or 3 is upgraded to IIS 4, ism.dll i
/scripts/iisadmin
|
Administrator's
|
inadvertently
|
unauthorized
|
information
|
sensitive
|
including
|
restrict
|
password
|
upgraded
|
machine
|
allows
|
ismdll
|
server
|
access
|
local
|
which
|
does
|
user
|
gain
|
left
|
IIS
|
not
|
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
IIS 4.0 allows a remote attacker to obtain the
non-existent
|
requesting
|
extensions
|
pathname
|
document
|
attacker
|
remote
|
allows
|
obtain
|
files
|
root
|
real
|
IIS
|
idq
|
ida
|
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
IIS allows local users to cause a denial of ser
expressions
|
service
|
invalid
|
regular
|
allows
|
Visual
|
script
|
denial
|
Basic
|
cause
|
users
|
local
|
page
|
ASP
|
IIS
|
via
|
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
Sample Internet Data Query (IDQ) scripts in IIS
Internet
|
Sample
|
Query
|
Data
|
Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.
IIS Inetinfo.exe allows local users to cause a
Inetinfoexe
|
extension
|
directory
|
creating
|
service
|
allows
|
pickup
|
txteml
|
denial
|
cause
|
users
|
local
|
name
|
mail
|
file
|
long
|
IIS
|
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
Buffer overflow in IIS ISAPI .ASP parsing mecha
"LANGUAGE"
|
arbitrary
|
attackers
|
mechanism
|
overflow
|
argument
|
commands
|
execute
|
parsing
|
Buffer
|
string
|
allows
|
script
|
ISAPI
|
long
|
ASP
|
tag
|
IIS
|
via
|
Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag.
IIS 5.0 and Microsoft Exchange 2000 allow remot
Microsoft
|
Exchange
|
IIS
|
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
Microsoft Internet Information Server (IIS) 4.0
Information
|
Microsoft
|
Internet
|
Server
|
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.
Buffer overflow in jrun.dll in ColdFusion MX, w
ColdFusion
|
attackers
|
overflow
|
service
|
jrundll
|
remote
|
denial
|
Buffer
|
allows
|
cause
|
used
|
via
|
IIS
|
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
Unspecified vulnerability in the IIS connector
vulnerability
|
Unspecified
|
ColdFusion
|
Enterprise
|
Microsoft
|
connector
|
attackers
|
involving
|
service
|
request
|
vectors
|
Updater
|
denial
|
allows
|
remote
|
Adobe
|
using
|
cause
|
file
|
root
|
JRun
|
via
|
web
|
IIS
|
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.
Software vulnerabilities results 1 to 20 of 81
Page:
1
2
3
4
5
►