Translate:f summary, history and thoughts

Because Microsoft went the way of HIDING the actual mechanism of Translate:f from all of us original KB article is gone and new Security Bulletin is playing nasty game of downplaying the problem, i have decided to write follow up with sufficient information. HOW IT WORKS -------------------------...

Security Bulletin (MS00-057)

Microsoft Security Bulletin MS00-057 - -------------------------------------- Patch Available for "File Permission Canonicalization" Vulnerability Originally posted: August 10, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Internet...

bb-14h2.txt

versions affected: bb14h2 current and older exploit: bbd listens for incoming connections on port 1984. Using telnet or the bb client, it is possible to connect and create a filename with an arbitrary extension, as the extension is not rigorously checked. As this file is droped into a directory...

CVE-2000-0408

IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability...

CVE-2000-0413

The vulnerability CVE-2000-0413 affects the FrontPage Server Extensions shtml.exe component in IIS 4.0/5.0. A remote attacker can trigger an error by requesting a non-existent HTML/HTM/ASP/SHTML file, causing the server to reveal the local absolute path of the web root in the error message. This ...

CVE-2000-0413

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path...

CVE-1999-0874

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions...

windows2k.iss

I found there is a security problem about shtml.exe that allows anyone to explore the local path of IIS web server. Tested on windows2000 server.shtml.exe is a program issued with Forntpage Extention server for viewing smart HTML file, If we install Frontpage on Windows2000 server, a directory...

DoS через расширения URL в IIS

Специальным образом сконструированное расширение в URL приводит 100 потреблению ресурсов и отказе в обслузивании IIS...

shtml.exe reveal local path of IIS web directory

I found there is a security problem about shtml.exe that allows anyone to explore the local path of IIS web server. Tested on windows2000 server.shtml.exe is a program issued with Forntpage Extention server for viewing smart HTML file, If we install Frontpage on Windows2000 server, a directory...

Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure

The version of FrontPage Extensions running on the remote host has an information disclosure vulnerability. Using a non-existent file as an argument to the 'shtml.exe' CGI reveals the local absolute path of the web root. A remote attacker could use this information to mount further attacks. C...

CVE-2000-0413

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path...

FrontPage 2000 IIS 4.05.0 - Server Extensions Full Path Disclosure

FrontPage 2000 IIS 4.05.0 - Server Extensions Full Path Disclosure source: https://www.securityfocus.com/bid/1174/info The local path of a HTML, HTM, ASP, or SHTML file can be disclosed in Microsoft IIS 4.0/5.0 / Frontpage Server Extensions 1.1 and prior. Passing a path to a non-existent file to...

FrontPage 2000 / IIS 4.0/5.0 - Server Extensions Full Path Disclosure

source: https://www.securityfocus.com/bid/1174/info The local path of a HTML, HTM, ASP, or SHTML file can be disclosed in Microsoft IIS 4.0/5.0 / Frontpage Server Extensions 1.1 and prior. Passing a path to a non-existent file to the shtml.exe or shtml.dll depending on platform program will displ...

CVE-2000-0256

The CVE-2000-0256 entry describes buffer overflows in FrontPage 97/98 Server Extensions, specifically htimage.exe (and Imagemap.exe) that allow a remote attacker to perform actions beyond the web site’s scope. A concrete exploit path is documented for htimage.exe via /cgi-bin/htimage.exe/AAAA[......

CVE-2000-0256

Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability...

Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions.

===================================================================== Securax-SA-02 Security Advisory belgian.networking.security Dutch ===================================================================== Topic: Ms Windows '95?/'98/SE explorer.exe causes a buffer overflow with long filename...

Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Filename Obfuscation

source: https://www.securityfocus.com/bid/1108/info Two dlls dvwssr.dll and mtd2lv.dll included with the FrontPage 98 extensions for IIS and shipped as part of the NT Option Pack include an obfuscation string that manipulates the name of requested files. Knowing this string and the obfuscation...

CVE-1999-0796

FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks...

CVE-2000-0122

CVE-2000-0122 affects FrontPage Server Extensions. A remote attacker can determine the physical path of a virtual directory by issuing a GET to htimage.exe, leading to information disclosure about server layout. The provided records do not specify affected versions, exact vulnerable component det...