7 matches found
microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
No description provided by source. source: http://www.securityfocus.com/bid/950/info Index Server 2.0 is a utility included in the NT 4.0 Option Pack. The functionality provided by Index Service has been built into Windows 2000 as Indexing Services. When combined with IIS, Index Server and Indexi...
CVE-1999-1397
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, enabling local and remote users to obtain the physical paths of indexed directories. Affected component: ContentIndex\Catalogs under AllowedPaths. Root cause: registr...
CVE-2001-0500
CVE-2001-0500 is a buffer-overflow in the IDQ ISAPI handler (idq.dll) used by Microsoft IIS Indexing Service/Index Server 2.0 (and IIS 6.0 beta and earlier). The vulnerability allows remote attackers to execute arbitrary commands by sending a long argument to the .ida and .idq entry points (e.g.,...
CVE-2001-0986
SQLQHit.asp is a sample component of Microsoft Index Server 2.0 that, when reachable via CiScope values webinfo/extended_fileinfo/extended_webinfo/fileinfo, can disclose directories and file paths on the server. The vulnerability stems from a design/implementation flaw in the SQLQHit CGI that all...
CVE-2001-0244
The CVE-2001-0244 issue concerns Microsoft Index Server 2.0, where a buffer overflow in the index/search parameter handling allows remote attackers to execute arbitrary commands. The core affected component is Microsoft Index Server 2.0 (server-side indexing/search functionality); the root cause ...
CVE-2001-0245
Microsoft Index Server 2.0 (Windows NT 4.0) and Indexing Service (Windows 2000) are affected by a vulnerability described as a Malformed Hit-Highlighting issue that allows remote readers to view server-side include files via a crafted search request. The CERT advisory confirms the ability to read...
CVE-2001-0500
Buffer overflow in ISAPI extension idq.dll in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration .ida and Internet Data Query .idq files such as default.ida, as commonly...