From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat

Cisco Talos has uncovered a BadIIS variant -- identifiable by its embedded "demo.pdb" strings -- that functions as commodity malware. This variant is likely sold or shared among multiple Chinese-speaking cybercrime groups that operate under a malware-as-a-service MaaS model for continuous...

CVE-2026-26335

Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\Program Files x86\Veramark\VeraSMART\WebRoot\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes...

CVE-1999-0229

Denial of service in Windows NT IIS server using ..\...

EUVD-1999-0548

Malware in sbrugna...

EUVD-2019-9923

Malware in sbrugna...

EUVD-2019-1676

Malware in sbrugna...

EUVD-2020-2139

Malware in sbrugna...

EUVD-2003-0101

Malware in sbrugna...

EUVD-1999-0229

Malware in sbrugna...

EUVD-2023-40399

Malicious code in bioql PyPI...

EUVD-2022-35415

Malicious code in bioql PyPI...

CVE-2020-0645

A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'...

CVE-2019-1365

An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT...

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service', 'Description' = %q The vulnerability allows remote unauthenticated attackers to force...

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8...

Microsoft Windows Multiple Vulnerabilities (KB5031362)

This host is missing an important security update according to Microsoft KB5031362 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

CVE-2023-36434

Technical details about CVE-2023-36434 are not provided in the connected documents. The materials mention the vulnerability in Windows IIS (Elevation of Privilege) but do not disclose affected products, root cause, exploit info, or fixes. Monitor for updates.

KB5031356: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (October 2023)

The remote Windows host is missing security update 5031356. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...

KB5031427: Windows Server 2012 Security Update (October 2023)

The remote Windows host is missing security update 5031427. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2023-36577 - Windows IIS Server Elevation of Privilege Vulnerability CVE-2023-36434 - Microsof...