Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Internet_information_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 1999-12-31 | CVE-1999-0154 | IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. | Internet_information_server, Internet_information_services | N/A | ||
| 2000-01-21 | CVE-2000-0115 | IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page. | Internet_information_server | N/A | ||
| 2000-01-26 | CVE-2000-0126 | Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. | Internet_information_server | N/A | ||
| 2000-02-02 | CVE-2000-0114 | Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. | Internet_information_server | N/A | ||
| 2008-02-12 | CVE-2008-0074 | Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. | Internet_information_server, Internet_information_services | N/A | ||
| 2010-09-15 | CVE-2010-1899 | Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." | Internet_information_server, Internet_information_services | N/A | ||
| 2008-02-12 | CVE-2008-0075 | Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. | Internet_information_server | N/A | ||
| 2002-04-22 | CVE-2002-0075 | Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | Internet_information_server, Internet_information_services | N/A | ||
| 2002-04-22 | CVE-2002-0149 | Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. | Internet_information_server, Internet_information_services | N/A | ||
| 2002-04-22 | CVE-2002-0073 | The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. | Internet_information_server, Internet_information_services | N/A |