Microsoft - Internet Information Services CVE

Filtered by vendor Microsoft Subscriptions

Filtered by product Internet Information Services Subscriptions

Total 92 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2010-3972	1 Microsoft	1 Internet Information Services	2024-08-07	N/A
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
CVE-2010-3332	1 Microsoft	2 .net Framework, Internet Information Services	2024-08-07	N/A
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
CVE-2010-2730	1 Microsoft	1 Internet Information Services	2024-08-07	N/A
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."
CVE-2010-1899	1 Microsoft	2 Internet Information Server, Internet Information Services	2024-08-07	N/A
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
CVE-2011-5279	1 Microsoft	3 Internet Information Services, Windows 2000, Windows Nt	2024-08-07	N/A
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.
CVE-2014-4078	1 Microsoft	1 Internet Information Services	2024-08-06	N/A
The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability."
CVE-1999-0450	1 Microsoft	2 Internet Information Server, Internet Information Services	2024-08-01	N/A
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
CVE-1999-0412	1 Microsoft	2 Internet Information Server, Internet Information Services	2024-08-01	N/A
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
CVE-1999-0281	1 Microsoft	2 Internet Information Server, Internet Information Services	2024-08-01	N/A
Denial of service in IIS using long URLs.
CVE-1999-0253	1 Microsoft	2 Internet Information Server, Internet Information Services	2024-08-01	N/A
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
CVE-1999-0233	1 Microsoft	1 Internet Information Services	2024-08-01	N/A
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.
CVE-1999-0154	1 Microsoft	2 Internet Information Server, Internet Information Services	2024-08-01	N/A
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.

« first previous Page 5 of 5.