Search Results (111 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0886 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
CVE-2000-1147 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag.
CVE-2001-0004 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
CVE-2001-0096 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.
CVE-2001-0335 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.
CVE-2001-0500 1 Microsoft 3 Index Server, Indexing Service, Internet Information Server 2026-04-16 N/A
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
CVE-2001-0709 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.
CVE-2001-1243 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
CVE-1999-0007 5 C2net, Hp, Microsoft and 2 more 13 Stonghold Web Server, Open Market Secure Webserver, Exchange Server and 10 more 2026-04-16 N/A
Information from SSL-encrypted sessions via PKCS #1.
CVE-1999-0191 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
IIS newdsn.exe CGI script allows remote users to overwrite files.
CVE-1999-0229 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
Denial of service in Windows NT IIS server using ..\..
CVE-1999-0349 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.
CVE-2002-0072 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.
CVE-2002-0073 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.
CVE-2002-0150 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
CVE-1999-1011 1 Microsoft 4 Data Access Components, Index Server, Internet Information Server and 1 more 2026-04-16 N/A
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
CVE-2004-0205 2 Avaya, Microsoft 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more 2026-04-16 N/A
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.
CVE-1999-1223 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.
CVE-2002-1695 2 Microsoft, Symantec 3 Internet Information Server, Internet Information Services, Norton Internet Security 2026-04-16 N/A
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.
CVE-2002-1790 1 Microsoft 3 Exchange Server, Internet Information Server, Internet Information Services 2026-04-16 N/A
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.