6 matches found
iisPROTECT Encoded URL Authentication Bypass
The remote host is running iisPROTECT, an IIS add-on to protect pages served by the web server. iisPROTECT is affected by an authentication bypass vulnerability due to a failure to recognize basic URL encoding. A remote attacher can exploit this, via hex-encoding requested URLs, to read sensitive...
CVE-2003-0317
iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters...
iDEFENSE Security Advisory 2003-05-22.t
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 05.22.03: http://www.idefense.com/advisory/05.22.03.txt Authentication Bypass in iisPROTECT May 22, 2003 I. BACKGROUND iisPROTECT is designed to provide password protection to web directories similar to the htaccess method...
IISProtect 2.12.2 - Web Administration Interface SQL Injection
IISProtect 2.12.2 - Web Administration Interface SQL Injection source: https://www.securityfocus.com/bid/7675/info The IISProtect web administration interface does not properly sanitize user input. This could allow for SQL injection attacks on a Microsoft IIS server running IISProtect. Successful...
IISProtect 2.1/2.2 - Web Administration Interface SQL Injection
source: https://www.securityfocus.com/bid/7675/info The IISProtect web administration interface does not properly sanitize user input. This could allow for SQL injection attacks on a Microsoft IIS server running IISProtect. Successful exploitation could result in a compromise of the IISProtect...
IISProtect 2.1/2.2 - Authentication Bypass
source: https://www.securityfocus.com/bid/7661/info http://www.example.com/%70rotected/secret.html http://www.example.com/protected%2fsecret.html...