Filtered by vendor Microsoft
Subscriptions
Filtered by product Internet Information Services
Subscriptions
Total
92 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-3972 | 1 Microsoft | 1 Internet Information Services | 2024-08-07 | N/A |
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information. | ||||
CVE-2010-3332 | 1 Microsoft | 2 .net Framework, Internet Information Services | 2024-08-07 | N/A |
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." | ||||
CVE-2010-2730 | 1 Microsoft | 1 Internet Information Services | 2024-08-07 | N/A |
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." | ||||
CVE-2010-1899 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-08-07 | N/A |
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." | ||||
CVE-2011-5279 | 1 Microsoft | 3 Internet Information Services, Windows 2000, Windows Nt | 2024-08-07 | N/A |
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header. | ||||
CVE-2014-4078 | 1 Microsoft | 1 Internet Information Services | 2024-08-06 | N/A |
The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability." | ||||
CVE-1999-0450 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-08-01 | N/A |
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). | ||||
CVE-1999-0412 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-08-01 | N/A |
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. | ||||
CVE-1999-0281 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-08-01 | N/A |
Denial of service in IIS using long URLs. | ||||
CVE-1999-0253 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-08-01 | N/A |
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. | ||||
CVE-1999-0233 | 1 Microsoft | 1 Internet Information Services | 2024-08-01 | N/A |
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. | ||||
CVE-1999-0154 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-08-01 | N/A |
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. |