EUVD-2000-0764
Malware in sbrugna...
Chinese DragonRank Hackers Exploit Global Windows Servers in SEO Fraud
DragonRank, a Chinese-speaking hacking group, has compromised 30+ Windows servers globally. They exploit IIS vulnerabilities to manipulate SEO…...
Microsoft IIS HTTP Internal IP Disclosure
Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 (win2k, XP) and older. However, in newer servers such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured. Also collects internal IPs leaked from the...
Microsoft Security Bulletin MS10-065 - Important Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)
Microsoft Security Bulletin MS10-065 - Important. Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960). Published: September 14, 2010. Version: 1.0. General Information. Executive Summary: This security update resolves two privately reported...
IIS alternative Backdoor-vulnerability warning-the black bar safety net
Having finally left school and entered society, I found that there is in fact still much about school that we are nostalgic for, and work is actually quite hard; the main thing is that I can't often play online together with friends. On Saturday, back to the trip to the school, in the host room and do network chat...
Tests for Nimda Worm infected HTML files
Your server appears to have been compromised by the Nimda mass mailing worm. It uses various known IIS vulnerabilities to compromise the server. Anyone visiting compromised Web servers will be prompted to download an .eml Outlook Express email file, which contains the worm as an attachment. Also,...
Tests for Nimda Worm infected HTML files
Your server appears to have been compromised by the Nimda mass mailing worm. It uses various known IIS vulnerabilities to compromise the server. SPDX-FileCopyrightText: 2001 Matt Moore. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right...
IIS NNTP Service XPAT Command Vulnerabilities
Advisory ID Internal CORE-2004-0802 Core Security Advisory https://www.coresecurity.com Date Published: 2004-10-12 Last Update: 2004-10-12 Advisory ID: CORE-2004-0802 Bugtraq ID: Not assigned CVE Name: CAN-2004-0574 Title: IIS NNTP Service XPAT Command Vulnerabilities Class: Boundary error...
CVE-1999-1537
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the...
CVE-2002-0422
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or...
CVE-2002-0419
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which...
Security Advisory: Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Cisco - Microsoft IIS Vulnerabilities in Cisco Products - MS02-018 Revision 1.0 Public Release 2002 April 15 18:00 UTC -0400 Contents Summary Affected Products Details Impact...
Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
...
Advisory CA-2002-09 Multiple Vulnerabilities in Microsoft IIS
CERT Advisory CA-2002-09 Multiple Vulnerabilities in Microsoft IIS Original release date: April 11, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Microsoft IIS 4.0, 5.0, and 5.1 Overview A variety of vulnerabilities exist ...
Microsoft IIS Multiple Vulnerabilities (MS02-018)
This IIS Server appears to be vulnerable to one of the cross-site scripting attacks described in MS02-018. The default '404' file returned by IIS uses scripting to output a link to the top level domain part of the url requested. By crafting a particular URL, it is possible to insert arbitrary...
IIS Unicode Strings
Some of unicodes ... collected by cd http://bastardo.de/ apache ; /MSADC/root.exe?/c+dir /PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir /PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir /PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir...
Nimda Worm Infected HTML File Detection
The remote web server appears to have been compromised by the Nimda mass mailing worm. It uses various known IIS vulnerabilities to compromise the server. Visitors to such a compromised web server may be prompted to download an .eml Outlook Express email file, which contains the worm as an...
CVE-2001-0500
Buffer overflow in ISAPI extension idq.dll in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly...
Microsoft IIS 4.0/5.0 - Device File Remote Denial of Service
source: https://www.securityfocus.com/bid/2977/info Microsoft IIS is prone to denial of service attacks by remote attackers. This can occur if the remote attacker crafts a URL which tries to pass a script parameter that is a device name. The end result of exploiting this vulnerability is that the...
Security Bulletin MS01-035
Title: FrontPage Server Extension Sub-Component Contains Unchecked Buffer Date: 21 June 2001 Software: Microsoft Visual Studio RAD Support in FrontPage Server Extensions Impact: Run code of attacker's choice Bulletin: MS01-035...