Microsoft IIS 7.0 Vulnerabilities (uncredentialed) (PCI/DSS)

According to the HTTP server banner the remote server is IIS 7.0. The server may be vulnerable to a number of vulnerabilities including a couple of remote code execution vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid108808; scriptversion"1.8";...

Microsoft IIS - Short File/Folder Name Disclosure

PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19525.zip Paper: http://www.exploit-db.com/docs/19527.pdf Security Research - IIS Short File/Folder Name Disclosure Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- "IIS is a web...

Heap overflow

Heap-based buffer overflow in the TELNETSTREAMCONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services IIS 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service daemon crash via a crafted FTP...

CVE-2010-3972

Summary (CVE-2010-3972): A heap-based buffer overflow in the FTP service of Microsoft IIS (ftpsvc.dll) on IIS 7.0/7.5 enables remote code execution or DoS via a crafted FTP command. Affects Microsoft IIS FTP Service; root cause is improper handling of Telnet IAC data in TELNET_STREAM_CONTEXT::OnS...

Tunngavik CMS SQL Injection / Cross Site Scripting

======================================================= Tunngavik CMS Exploit database separated by exploit 3 3 type local, remote, DoS, etc. 3 7 7 1 + Site : 1337db.com 1 3 + Support e-mail : submitat1337db.com 3 3 3 7 7 1 I'm KnocKout 1337 Member from 1337 DataBase 1 3 3 3 3...

Denial of service

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services IIS 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service daemon outage via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service...

Microsoft Internet Information Services Remote Code Execution Vulnerabilities (2267960)

This host is missing a critical security update according to Microsoft Bulletin MS10-065. OpenVAS Vulnerability Test $Id: secpodms10-065.nasl 6605 2017-07-07 11:22:07Z cfischer $ Microsoft Internet Information Services Remote Code Execution Vulnerabilities 2267960 Authors: Sooraj KS Copyright:...

Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)

This host is missing an important security update according to Microsoft Bulletin MS10-040. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)

This host is missing an important security update according to Microsoft Bulletin MS10-040. OpenVAS Vulnerability Test $Id: secpodms10-040.nasl 6605 2017-07-07 11:22:07Z cfischer $ Microsoft IIS Authentication Remote Code Execution Vulnerability 982666 Authors: Sooraj KS Updated By: Madhuri D on...

Cross site request forgery (csrf)

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

CVE-2009-3555

CVE-2009-3555 concerns a TLS/SSL renegotiation flaw where renegotiation handshakes were not properly associated with the existing connection, enabling MITM data insertion in HTTPS and other TLS/SSL sessions (Project Mogul). Connected advisories show concrete mitigations and affected software: Pou...

CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)

Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution 975254 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves two publicly disclosed...

Denial of service

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service daemon outage via a series of crafted HTTP requests, aka "Remote...

CVE-2009-1536

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service daemon outage via a series of crafted HTTP requests, aka "Remote...

CVE-2009-1536

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service daemon outage via a series of crafted HTTP requests, aka "Remote...

CVE-2009-1536

Summary of CVE-2009-1536 (MS09-036). A Denial of Service vulnerability exists in the Microsoft .NET Framework when ASP.NET is used in IIS 7.0 in integrated mode. The issue stems from improper management of request scheduling in ASP.NET, which could allow remote attackers to cause a Web server to ...

Microsoft .NET Framework请求调度远程拒绝服务漏洞（MS09-036）

BUGTRAQ ID: 35985 CVECAN ID: CVE-2009-1536 Microsoft .NET Framework是一个流行的软件开发工具包。 ASP.NET管理请求调度的方式存在拒绝服务漏洞。攻击者可以创建特制的匿名HTTP请求导致受影响的Web服务器变得没有响应，直到重启相关的应用池。 仅可通过IIS 7.0暴露Microsoft .NET Framework中的漏洞代码。对于没有运行IIS 7.0的系统，无法利用这个漏洞。 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 Microsof...

Microsoft Security Bulletin MS09-036 - Important Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)

Microsoft Security Bulletin MS09-036 - Important Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service 970957 Published: August 11, 2009 Version: 1.0 General Information Executive Summary This security update addresses a privately reported Denial of Service vulnerability in...

Microsoft Windows WMI服务隔离本地权限提升漏洞（MS09-012）

BUGTRAQ ID: 34442 CVECAN ID: CVE-2009-0078 Microsoft Windows是微软发布的非常流行的操作系统。 Windows管理规范（WMI）提供程序没有正确地隔离NetworkService或LocalService帐号下运行的进程，同一帐号下运行的两个独立进程可以完全访问对方的文件句柄、注册表项等资源。WMI提供程序主机进程在某些情况下会持有SYSTEM令牌，如果攻击者可以以...