Lucene search
+L

4674 matches found

Tenable Nessus
Tenable Nessus
added 2000/04/10 12:0 a.m.109 views

Microsoft IIS ASP::$DATA ASP Source Disclosure

It is possible to get the source code of a remote ASP script by appending '::$DATA' to the end of the request. ASP source code may contain sensitive information such as logins, passwords and server information. %NASLMINLEVEL 70300 This script was written by Renaud Deraison See the Nessus Scripts...

5CVSS5.7AI score0.64814EPSS
Exploits0References2
securityvulns
securityvulns
added 2000/04/05 12:0 a.m.61 views

Alert: MS Index Server (CISADV000330)

Cerberus Information Security Advisory CISADV000330 http://www.cerberus-infosec.co.uk/advisories.shtml Released : 30th March 2000 Name : Index Server Strike 3! Affected Systems : Microsoft Internet Information Server Issue : Attackers can gain source of ASP and other pages Author : David Litchfie...

Exploits0
Tenable Nessus
Tenable Nessus
added 2000/04/01 12:0 a.m.235 views

Microsoft IIS WebHits null.htw .asp Source Disclosure

It is possible to get the source code of ASP scripts by issuing a specially crafted request. ASP source codes usually contain sensitive information such as usernames and passwords. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10356; scriptversion"1.44";...

5CVSS5.5AI score0.7843EPSS
Exploits0References3
NVD
NVD
added 2000/03/31 5:0 a.m.24 views

CVE-2000-0302

Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL...

5CVSS6.6AI score0.7843EPSS
Exploits0References4
exploitpack
exploitpack
added 2000/03/31 12:0 a.m.21 views

Microsoft Index Server 2.0 - %20 ASP Source Disclosure

Microsoft Index Server 2.0 - %20 ASP Source Disclosure source: https://www.securityfocus.com/bid/1084/info Index Server can be used to cause IIS to display the source of .asp and possibly other server-side processed files. By appending a space %20 to the end of the filename specified in the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2000/03/31 12:0 a.m.43 views

Microsoft Index Server 2.0 - '%20' ASP Source Disclosure

source: https://www.securityfocus.com/bid/1084/info Index Server can be used to cause IIS to display the source of .asp and possibly other server-side processed files. By appending a space %20 to the end of the filename specified in the 'CiWebHitsFile' variable, and setting 'CiHiliteType' to 'Ful...

7.4AI score
Exploits0
NVD
NVD
added 2000/03/30 5:0 a.m.18 views

CVE-2000-0246

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability...

5CVSS6.7AI score0.78911EPSS
Exploits0References3
securityvulns
securityvulns
added 2000/03/30 12:0 a.m.622 views

Security Bulletin (MS00-019)

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- Microsoft Security Bulletin MS00-019 - -------------------------------------- Patch...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2000/03/22 5:0 a.m.31 views

CVE-2000-0025

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability...

6.8AI score0.34852EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2000/02/11 12:0 a.m.29 views

asp.runtime-error.txt

Forwarded with permission of the author. Please direct all replies to [email protected]. Ben Greenbaum Director of Site Content Security Focus http://www.securityfocus.com ---------- Forwarded message ---------- Description: ============ Active server pages ASP with runtime errors expose a security...

7.4AI score
Exploits0
CVE
CVE
added 2000/02/08 5:0 a.m.91 views

CVE-2000-0115

CVE-2000-0115 concerns Microsoft IIS. The vulnerability arises from a denial-of-service condition caused by invalid regular expressions in a Visual Basic script embedded in an ASP page. The root cause is malformed regex handling in VBScript within the ASP context, which can exhaust resources and ...

5CVSS6.5AI score0.0983EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2000/02/04 5:0 a.m.84 views

CVE-1999-0253

Summary: CVE-1999-0253 describes an information-disclosure flaw in IIS 3.0 with the iis-fix hotfix, where remote attackers could disclose ASP source by appending %2e in the URL. Affected product: Microsoft IIS 3.0 (with iis-fix) as documented in Red Hat, NVD/NVD-like records and Nessus entry; mul...

7.5CVSS6.9AI score0.07952EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2000/02/04 5:0 a.m.20 views

CVE-1999-0360

MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely...

7.1AI score0.05576EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2000/01/28 12:0 a.m.49 views

iis4.webhits.txt

Cerberus Information Security Advisory CISADV000126 http://www.cerberus-infosec.co.uk/advisories.html Released : 26th January 2000 Name : Webhits.dll buffer truncation Affected Systems: Microsoft Windows NT 4 running Internet Information Server 4 All service Packs Issue : Attackers can access fil...

7.4AI score
Exploits0
NVD
NVD
added 2000/01/21 5:0 a.m.28 views

CVE-2000-0115

IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page...

5CVSS6.2AI score0.0983EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2000/01/21 12:0 a.m.12 views

PT-2000-1103

Name of the Vulnerable Software and Affected Versions IIS affected versions not specified Description The issue allows local users to cause a denial of service by using invalid regular expressions in a Visual Basic script within an ASP page. Recommendations At the moment, there is no information...

5CVSS6.1AI score0.0983EPSS
Exploits0References2
NVD
NVD
added 1999/12/31 5:0 a.m.31 views

CVE-1999-1223

IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / forward slash characters...

5CVSS6.5AI score0.23055EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 1999/12/31 12:0 a.m.7 views

PT-1999-1008 · Microsoft · Iis

Name of the Vulnerable Software and Affected Versions: IIS versions 2.0 through 3.0 Description: The issue allows remote attackers to read the source code for ASP pages by appending a . dot to the end of the URL. Recommendations: For IIS versions 2.0 through 3.0, consider restricting access to AS...

5CVSS6.5AI score0.40015EPSS
Exploits0References4
NVD
NVD
added 1999/12/21 5:0 a.m.17 views

CVE-2000-0025

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability...

5CVSS6.8AI score0.34852EPSS
Exploits0References3
CVE
CVE
added 1999/09/29 4:0 a.m.61 views

CVE-1999-0278

Microsoft IIS ASP::$DATA ASP Source Disclosure: remote attackers can obtain ASP source by appending '::$DATA' to the URL. Affected: IIS hosting ASP scripts. Root cause: information disclosure via URL handling in IIS. Exploitation details: not provided in the supplied documents. Remediation: no pa...

5CVSS7.1AI score0.64814EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder