36 matches found
http-iis-short-name-brute NSE Script
Attempts to brute force the 8.3 filenames commonly known as short names of files and directories in the root folder of vulnerable IIS servers. This script is an implementation of the PoC "iis shortname scanner". The script uses ,? and to bruteforce the short name of files present in the IIS...
Microsoft IIS - Short File/Folder Name Disclosure
PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19525.zip Paper: http://www.exploit-db.com/docs/19527.pdf Security Research - IIS Short File/Folder Name Disclosure Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- "IIS is a web...
A species vulnerability--IIS 5.1 Directory Authentication Bypass-vulnerability warning-the black bar safety net
Bugtraq ID: 4 1 3 1 4 CVE ID: CVE-2 0 1 0-2 7 3 1 CNCVE ID: CNCVE-2 0 1 0 2 7 3 1 Vulnerability published:2010-07-01 Vulnerability update time:2010-09-14 Vulnerability causes: access validation error Danger level: low Affected systems: Microsoft IIS 5.1 Hazard: a remote attacker can exploit the...
CVE-2010-2731
Unspecified vulnerability in Microsoft Internet Information Services IIS 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass...
Denial of service
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services IIS 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service daemon outage via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service...
CVE-2010-2731
Unspecified vulnerability in Microsoft Internet Information Services IIS 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass...
Microsoft Internet Information Services Remote Code Execution Vulnerabilities (2267960)
This host is missing a critical security update according to Microsoft Bulletin MS10-065. OpenVAS Vulnerability Test $Id: secpodms10-065.nasl 6605 2017-07-07 11:22:07Z cfischer $ Microsoft Internet Information Services Remote Code Execution Vulnerabilities 2267960 Authors: Sooraj KS Copyright:...
Microsoft IIS 5.1 重定向错误页面跨站脚本执行漏洞
No description provided by source...
Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution 975254 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves two publicly disclosed...
http-iis-webdav-vuln NSE Script
Checks for a vulnerability in IIS 5.1/6.0 that allows arbitrary users to access secured WebDAV folders by searching for a password-protected folder and attempting to access it. This vulnerability was patched in Microsoft Security Bulletin MS09-020, . A list of well known folders almost 900 is use...
Microsoft IIS ASP远程代码执行漏洞(MS08-006)
BUGTRAQ ID: 27676 CVECAN ID: CVE-2008-0075 Microsoft Internet信息服务(IIS)是Microsoft Windows自带的一个网络信息服务器,其中包含HTTP服务功能。 IIS处理ASP网页输入的方式存在远程代码执行漏洞,允许攻击者向网站的ASP页面传送恶意输入。成功利用这个漏洞的攻击者可以在IIS服务器上以WPI的权限(默认配置为网络服务帐号权限)执行任意操作。 Microsoft IIS 6.0 Microsoft IIS 5.1 临时解决方法: 在Windows Server 2003上禁用传统风格ASP: 1...
Snitz Forums 2000 Active.ASP SQL注入漏洞
Snitz Forums 2000是一款基于ASP的WEB应用程序。 Snitz Forums 2000不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,可获得敏感信息或操作数据库。 问题是由于'Active.ASP'脚本对用户提交的WEB参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 Snitz Forums 2000 Snitz Forums 2000 3.4.6 Snitz Forums 2000 Snitz Forums 2000 3.4 .05 Snitz Forums 2000 Snitz Forums...
Microsoft Security Bulletin MS07-041 - Important Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)
Microsoft Security Bulletin MS07-041 - Important Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution 939373 Published: July 10, 2007 Version: 1.0 General Information Executive Summary This important security update resolves a privately reported vulnerability...
Microsoft IIS 5.1 - Hit Highlighting Authentication Bypass
Microsoft IIS 5.1 - Hit Highlighting Authentication Bypass !/bin/sh NTLM && BASIC AUTH BYPASS : sha0atbadchecksum.net Based on my adv: https://www.securityfocus.com/bid/24105/info CVE-2007-2815 if $ != 2 then printf "USAGE:\t\t$0 \nExample:\t$0 http://www.microsoft.com /en/us/default.aspx\n\n";...
CVE-2006-6578
Microsoft Internet Information Services IIS 5.1 permits the IUSRMachine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directo...
ASP.DLL Include File Buffer Overflow
======================================================================== = ASP.DLL Include File Buffer Overflow = = MS Bulletin posted: = http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx = = Affected Software: = IIS 5.0 = IIS 5.1 = IIS 6.0 = = Public disclosure on July 19, 2006...
Microsoft Internet Information Services (IIS) Multiple Vulnerabilities (Q327696, MS02-062)
Microsoft Internet Information Services IIS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2002 Michael Scheidell Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
ASP/ASA Source Using Microsoft Translate f: bug (IIS 5.1)
Binary data 3212.prm...
Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1)
There is a serious vulnerability in IIS 5.1 that allows an attacker to view ASP/ASA source code instead of a processed file, when the files are stored on a FAT partition. ASP source code can contain sensitive information such as username's and passwords for ODBC connections. %NASLMINLEVEL 70300 C...
IIS 5.1 SP0 Detection (English Versions Only)
Binary data 3214.prm...