Lucene search

24 matches found

RedhatCVE
added 2025/05/23 1:11 a.m. | 4 views

CVE-2022-36664

Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter...

CVSS 6.1 | AI score 5.8 | EPSS 0.02877
Exploits: 5
RedhatCVE
added 2025/05/21 11:48 p.m. | 13 views

CVE-2003-1567

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by usi...

CVSS 5.8 | AI score 7 | EPSS 0.66511
Exploits: 1 | References: 1
myhack58
added 2013/11/28 12:0 a.m. | 15 views

IIS Spy and IIS 6.0 parsing fixes - vulnerability warning - the black bar safety net

IIS Spy: “%SystemRoot%/ServicePackFiles/i386/activeds.dll “%SystemRoot%/system32/activeds.dll “%SystemRoot%/system32/activeds.tlb The USER group and the POWERS Group is removed, leaving only the administrators and system permissions. IIS 6.0 analysis 1, can upload the directory to the IIS does n...

AI score 1.9
Exploits: 0
Tenable Nessus
added 2009/10/13 12:0 a.m. | 103 views

MS09-053: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)

The remote host has a version of IIS whose FTP service is affected by one or both of the following vulnerabilities: - By sending specially crafted list commands to the remote Microsoft FTP service, an attacker is able to cause the service to become unresponsive. CVE-2009-2521 - A flaw in the way...

CVSS 9 | AI score 5.7 | EPSS 0.77728
Exploits: 20 | References: 3
myhack58
added 2008/09/13 12:0 a.m. | 16 views

Analysis of the storm database vulnerability principle and the law - vulnerability and early warning - the black bar safety net

I see the storm library vulnerability principle and the law SQL injection popular for a long time, we're looking for vulnerability injection purpose is nothing but want to get the database stuff, such as username, password, etc., further the MSSQL database you can also take this to get permission...

AI score 6.9
Exploits: 0
OpenVAS
added 2005/11/03 12:0 a.m. | 19 views

SQLQHit Directory Structure Disclosure

The Sample SQL Query CGI is present. The sample allows anyone to structure a certain query that would retrieve the content of directories present on the local server. OpenVAS Vulnerability Test $Id: sqlqhitinformationdisclosure.nasl 5786 2017-03-30 10:08:58Z cfi $ Description: SQLQHit Directory...

CVSS 5 | AI score 6.9 | EPSS 0.73819
Exploits: 1
Tenable Nessus
added 2004/08/20 12:0 a.m. | 39 views

Microsoft IIS viewcode.asp Arbitrary File Access

Binary data 1710.prm...

CVSS 5 | AI score 7.3 | EPSS 0.52891
Exploits: 0 | References: 2
NVD
added 2003/12/31 5:0 a.m. | 7 views

CVE-2003-1102

Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code...

CVSS 5 | AI score 6.8 | EPSS 0.02094
Exploits: 0 | References: 4
securityvulns
added 2002/04/11 12:0 a.m. | 50 views

IIS allows universal CrossSiteScripting

Thor Larholm security advisory TL001 ------------------------------------- By Thor Larholm, Denmark. 10 April 2002 HTML format: http://jscript.dk/adv/TL001/ Topic: IIS allows universal CrossSiteScripting. Discovery date: 13 March 2002. Severity: Medium Affected applications: ---------------------...

AI score 7.1
Exploits: 0
NVD
added 2001/09/20 4:0 a.m. | 19 views

CVE-2001-0709

Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode...

CVSS 5 | AI score 6.7 | EPSS 0.26029
Exploits: 0 | References: 3
securityvulns
added 2001/08/17 12:0 a.m. | 48 views

Privilege escalation in IIS (privilege escalation)

A user with GUEST rights can obtain system privileges...

AI score 1.4
Exploits: 0 | References: 3 | Affected Software: 1
securityvulns
added 2001/07/05 12:0 a.m. | 48 views

DoS against the ASP handler in IIS (ASP special device name DoS)

Accessing a special file system object from ASP causes the ASP handler to hang...

AI score 1.6
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2000/10/19 12:0 a.m. | 154 views

IIS HACKING

Hi Folks, I have just compiled the well-known IIS tricks. I hope it will be helpful for securing your server. Any comment, suggestion or insult...? Welcome MAB- SECURING IIS by BREAKING ===================================================== by Mount Ararat Blossom 9/15/2000...

AI score 7.8
Exploits: 0
securityvulns
added 2000/10/19 12:0 a.m. | 19 views

Hole plugged in IIS (File Permission Canonicalization, Web Server Folder Traversal)

Under certain conditions, a specially crafted URL can cause a file to be accessed with the permissions of the directory instead of the permissions of the file. In addition, any file on the disk can be accessed using Unicode encoding in the URL...

AI score 1.4
Exploits: 0 | References: 3 | Affected Software: 1
Packet Storm
added 2000/07/26 12:0 a.m. | 27 views

NSFOCUS Security Advisory 2000.2

ISBASE Security Advisory (SA2000-02) Topic: IIS ISM.DLL truncation exposes file content Release Date: July 17, 2000 Affected software version: =========================== Microsoft Internet Information Server 4.0 Microsoft Internet Information Server 5.0 Platform: ========== Windows NT 4.0 and Windo...

AI score 0.5
Exploits: 0
securityvulns
added 2000/07/19 12:0 a.m. | 31 views

ISBASE Security Advisory (SA2000-02)

ISBASE Security Advisory (SA2000-02) Topic: IIS ISM.DLL truncation exposes file content Release Date: July 17, 2000 Affected software version: =========================== Microsoft Internet Information Server 4.0 Microsoft Internet Information Server 5.0 Platform: ========== Windows NT 4.0 and Windo...

AI score 0.1
Exploits: 0
Tenable Nessus
added 2000/04/15 12:0 a.m. | 267 views

Microsoft IIS /iisadmpwd/aexp2.htr Password Policy Bypass

Microsoft IIS installs the 'aexp2.htr', 'aexp2b.htr', 'aexp3.htr', or 'aexp4.htr' files in the '/iisadmpwd' directory by default. These files can be used by an attacker to brute-force a valid username/password. A valid user may also use it to change his password on a locked account, bypassing...

CVSS 10 | AI score 5.5 | EPSS 0.29622
Exploits: 0 | References: 3
Cvelist
added 2000/02/04 5:0 a.m. | 16 views

CVE-1999-0561

IIS has the exec function enabled for Server Side Include (SSI) files...

AI score 6.7 | EPSS 0.00923
Exploits: 0 | References: 1
Cvelist
added 2000/01/04 5:0 a.m. | 21 views

CVE-1999-0725

When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page"...

AI score 6.9 | EPSS 0.32247
Exploits: 0 | References: 4
Cvelist
added 1999/09/29 4:0 a.m. | 14 views

CVE-1999-0278

In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL...

AI score 6.9 | EPSS 0.76393
Exploits: 0 | References: 2