4674 matches found
Microsoft IIS ASP::$DATA ASP Source Disclosure
It is possible to get the source code of a remote ASP script by appending '::$DATA' to the end of the request. ASP source code may contain sensitive information such as logins, passwords and server information. %NASLMINLEVEL 70300 This script was written by Renaud Deraison See the Nessus Scripts...
Alert: MS Index Server (CISADV000330)
Cerberus Information Security Advisory CISADV000330 http://www.cerberus-infosec.co.uk/advisories.shtml Released : 30th March 2000 Name : Index Server Strike 3! Affected Systems : Microsoft Internet Information Server Issue : Attackers can gain source of ASP and other pages Author : David Litchfie...
Microsoft IIS WebHits null.htw .asp Source Disclosure
It is possible to get the source code of ASP scripts by issuing a specially crafted request. ASP source codes usually contain sensitive information such as usernames and passwords. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10356; scriptversion"1.44";...
CVE-2000-0302
Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL...
Microsoft Index Server 2.0 - %20 ASP Source Disclosure
Microsoft Index Server 2.0 - %20 ASP Source Disclosure source: https://www.securityfocus.com/bid/1084/info Index Server can be used to cause IIS to display the source of .asp and possibly other server-side processed files. By appending a space %20 to the end of the filename specified in the...
Microsoft Index Server 2.0 - '%20' ASP Source Disclosure
source: https://www.securityfocus.com/bid/1084/info Index Server can be used to cause IIS to display the source of .asp and possibly other server-side processed files. By appending a space %20 to the end of the filename specified in the 'CiWebHitsFile' variable, and setting 'CiHiliteType' to 'Ful...
CVE-2000-0246
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability...
Security Bulletin (MS00-019)
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- Microsoft Security Bulletin MS00-019 - -------------------------------------- Patch...
CVE-2000-0025
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability...
asp.runtime-error.txt
Forwarded with permission of the author. Please direct all replies to [email protected]. Ben Greenbaum Director of Site Content Security Focus http://www.securityfocus.com ---------- Forwarded message ---------- Description: ============ Active server pages ASP with runtime errors expose a security...
CVE-2000-0115
CVE-2000-0115 concerns Microsoft IIS. The vulnerability arises from a denial-of-service condition caused by invalid regular expressions in a Visual Basic script embedded in an ASP page. The root cause is malformed regex handling in VBScript within the ASP context, which can exhaust resources and ...
CVE-1999-0253
Summary: CVE-1999-0253 describes an information-disclosure flaw in IIS 3.0 with the iis-fix hotfix, where remote attackers could disclose ASP source by appending %2e in the URL. Affected product: Microsoft IIS 3.0 (with iis-fix) as documented in Red Hat, NVD/NVD-like records and Nessus entry; mul...
CVE-1999-0360
MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely...
iis4.webhits.txt
Cerberus Information Security Advisory CISADV000126 http://www.cerberus-infosec.co.uk/advisories.html Released : 26th January 2000 Name : Webhits.dll buffer truncation Affected Systems: Microsoft Windows NT 4 running Internet Information Server 4 All service Packs Issue : Attackers can access fil...
CVE-2000-0115
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page...
PT-2000-1103
Name of the Vulnerable Software and Affected Versions IIS affected versions not specified Description The issue allows local users to cause a denial of service by using invalid regular expressions in a Visual Basic script within an ASP page. Recommendations At the moment, there is no information...
CVE-1999-1223
IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / forward slash characters...
PT-1999-1008 · Microsoft · Iis
Name of the Vulnerable Software and Affected Versions: IIS versions 2.0 through 3.0 Description: The issue allows remote attackers to read the source code for ASP pages by appending a . dot to the end of the URL. Recommendations: For IIS versions 2.0 through 3.0, consider restricting access to AS...
CVE-2000-0025
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability...
CVE-1999-0278
Microsoft IIS ASP::$DATA ASP Source Disclosure: remote attackers can obtain ASP source by appending '::$DATA' to the URL. Affected: IIS hosting ASP scripts. Root cause: information disclosure via URL handling in IIS. Exploitation details: not provided in the supplied documents. Remediation: no pa...