30 matches found
Microsoft Index Server 2.0 - %20 ASP Source Disclosure
Microsoft Index Server 2.0 - %20 ASP Source Disclosure source: https://www.securityfocus.com/bid/1084/info Index Server can be used to cause IIS to display the source of .asp and possibly other server-side processed files. By appending a space %20 to the end of the filename specified in the...
Security Bulletin (MS00-019)
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- Microsoft Security Bulletin MS00-019 - -------------------------------------- Patch...
CVE-2000-0025
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability...
CVE-1999-0253
Summary: CVE-1999-0253 describes an information-disclosure flaw in IIS 3.0 with the iis-fix hotfix, where remote attackers could disclose ASP source by appending %2e in the URL. Affected product: Microsoft IIS 3.0 (with iis-fix) as documented in Red Hat, NVD/NVD-like records and Nessus entry; mul...
iis4.webhits.txt
Cerberus Information Security Advisory CISADV000126 http://www.cerberus-infosec.co.uk/advisories.html Released : 26th January 2000 Name : Webhits.dll buffer truncation Affected Systems: Microsoft Windows NT 4 running Internet Information Server 4 All service Packs Issue : Attackers can access fil...
ms.iis4.showcode.txt
L0pht Security Advisory ------------- URL Origin: http://www.l0pht.com/advisories.html Release Date: May 7th, 1999 Application: Microsoft IIS 4.0 Web Server Severity: Web users can view ASP source code and other sensitive files on the web server Author: [email protected] Operating Sys: Microsoft NT...
Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files
source: https://www.securityfocus.com/bid/230/info The File System Object FSO may be called from an Active Server Page ASP to display files that exist outside of the web server's root directory. FSO allows calls to be made utilizing "../" to exit the local directory path. An example of this synta...
CVE-1999-0278
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL...
Microsoft IIS 3.04.0 Microsoft Personal Web Server 2.03.04.0 - ASP Alternate Data Streams
Microsoft IIS 3.04.0 Microsoft Personal Web Server 2.03.04.0 - ASP Alternate Data Streams source: https://www.securityfocus.com/bid/149/info Microsoft IIS and other NT webservers contain a vulnerability that allows remote users to obtain the source code for an ASP file. When one appends ::$DATA t...
Microsoft IIS 3.0/4.0 / Microsoft Personal Web Server 2.0/3.0/4.0 - ASP Alternate Data Streams
source: https://www.securityfocus.com/bid/149/info Microsoft IIS and other NT webservers contain a vulnerability that allows remote users to obtain the source code for an ASP file. When one appends ::$DATA to an asp being requested, the ASP source will be returned, instead of executing the ASP. F...