New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in each server's...

CVE-1999-0737

The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files...

CVE-1999-0450

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl perl.exe...

CVE-1999-0738

The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files...

CVE-1999-0253

IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . dot in the URL...

CVE-1999-0736

The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files...

CVE-1999-0349

A buffer overflow in the FTP list ls command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands...

CVE-1999-0233

IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files...

EUVD-2002-1971

Malware in sbrugna...

EUVD-2003-1332

Malware in sbrugna...

EUVD-2016-0190

Malware in sbrugna...

EUVD-2007-6470

Malware in sbrugna...

EUVD-2000-0114

Malware in sbrugna...

EUVD-1999-1518

Malware in sbrugna...

CVE-1999-0739

The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files...

CVE-2022-36664

Password Manager for IIS 2.0 has a cross-site scripting XSS vulnerability via the /isapi/PasswordManager.dll ResultURL parameter...

Exploit for Improper Input Validation in Microsoft

PoC exploit for CVE-2020-1350. The target product/service or framework is IIS, and the vulnerability class/vector is a deserialization vulnerability. The probable entry point is the applicationhost.config file, and the notable dependency/tooling is the IIS configuration file. The execution contex...

In-depth analysis of the N. S. A. took 5 years of IIS vulnerability-vulnerability warning-the black bar safety net

Source: Xuanwu lab Author: Ke Liu of Tencent’s Xuanwu Lab The 1. Vulnerability description 1.1 exploit description 2017 3 November 27, from South China University of technology the Zhiniang Peng and Chen Wu in GitHub 1 discloses an IIS 6.0 vulnerability exploit code, and specify its may 2016 7...

IIS6. 0 remote command execution shellcode construct-vulnerability warning-the black bar safety net

Author: Vulntor Date: 2017/03/29 0x00 Preface Yesterday broke the iis6. 0 Vulnerability, CVE-2017-7269 of the poc so many web Dog miserable. As a web dog, I also naive to think that a calculator will pop-up, in fact, the process already appeared to calc. exe process, but it does not appear the...

IIS 7 HTTP. sys vulnerability in-depth analysis-vulnerability warning-the black bar safety net

http. sys vulnerability range As the parties in-depth analysis, across a domain managed by Windows HTTP. sys vulnerability of the case is gradually surfaced. Yesterday's announcement of the information mentioned in the Http. sys is a Microsoft Windows processing the HTTP request the kernel driver...