313 matches found
[Full-Disclosure] Multiple vulnerabilities in w3who ISAPI DLL
Exaprobe www.exaprobe.com Security Advisory Advisory Name: Multiple vulnerabilities in w3who Release Date: 6 December 2004 Application: Microsoft ISAPI extension w3who.dll Platform: Windows 2000/XP Resource Kit Severity: Remote code execution Author: Nicolas Gregoire [email protected] Vendor...
Microsoft W3Who ISAPI w3who.dll Multiple Remote Vulnerabilities
The Windows 2000 Resource Kit ships with a DLL that displays the browser client context. It lists security identifiers, privileges and $ENV variables. Nessus has determined that this file is installed on the remote host. The w3who.dll ISAPI may allow an attacker to execute arbitrary commands on...
BadBlue < 2.3 ISAPI Module Remote Administrative Interface Access
Binary data 2177.prm...
BadBlue < 2.3 ISAPI Extension Administrative Actions Bypass
Binary data 1500.prm...
CVE-2003-0702
Vulnerability CVE-2003-0702 affects ISS Server Sensor 7.0 XPU (versions 20.16, 20.18; likely other versions before 20.19) in conjunction with Microsoft IIS over SSL. Affects a specific ISAPI plugin that, when accessed via a certain URL, can cause a denial of service (crash) and potentially allow ...
CVE-2003-0702
Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU 20.16, 20.18, and possibly other versions before 20.19, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code in Internet Information Server IIS via a certain URL through SSL...
Microsoft URLScan 2.5/RSA Security SecurID 5.0 - Configuration Enumeration
source: https://www.securityfocus.com/bid/8419/info A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when used in conjunction on a web server. The problem is said to occur due to the order in which the products are placed within the global ISAPI filter list. When the...
CVE-2003-0349
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services nsiislog.dll, as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll...
Microsoft Security Bulletin MS03-022: Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (Q822343)
-----BEGIN PGP SIGNED MESSAGE----- - - ------------------------------------------------------------------ Title: Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution 822343 Date: 25 June 2003 Software: Microsoftr Windowsr 2000 Impact: Allow an attacker to execute code of...
Microsoft Windows NT 4.0/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/8035/info Microsoft has reported a buffer overflow vulnerability in Windows Media Services. This is due to a problem with how the logging ISAPI extension handles incoming client requests. This could cause arbitrary code execution in IIS, which is...
Microsoft Windows NT 4.02000 - Media Services nsiislog.dll Remote Buffer Overflow
Microsoft Windows NT 4.02000 - Media Services nsiislog.dll Remote Buffer Overflow // source: https://www.securityfocus.com/bid/8035/info Microsoft has reported a buffer overflow vulnerability in Windows Media Services. This is due to a problem with how the logging ISAPI extension handles incoming...
CVE-2003-0332
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension...
Microsoft Security Bulletin MS03-019: Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (817772)
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------- Title: Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution 817772 Date: 28 May 2003 Software: Microsoftr Windows NTr 4.0, and Windowsr 2000 Impact: Allow an attacker ...
CVE-2003-0227
Microsoft Windows Media Services ISAPI extension (nsiislog.dll) handling unicast/multicast logging on Windows NT 4.0/2000 is vulnerable. A remote attacker can cause IIS denial of service and execute arbitrary code via a crafted network request. OpenVAS notes active code execution vulnerabilities;...
Microsoft Security Bulletin MS03-019: Flaw in ISAPI Extension for Windows Media Services Could Cause Denial of Service (817772)
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------- Title: Flaw in ISAPI Extension for Windows Media Services Could Cause Denial of Service 817772 Date: 28 May 2003 Software: Microsoftr Windows NTr 4.0, and Windowsr 2000 Impact: Allow an attack...
CVE-2003-0332
The CVE-2003-0332 vulnerability affects BadBlue ISAPI extension in versions 1.7 through 2.2 (potentially earlier). The issue arises when the ISAPI extension modifies the first two letters of a filename extension after a security check, allowing remote attackers to bypass authentication by using a...
Bad Blue protection bypass
It's possible to bypass ISAPI protection and obtain access to administration interface...
ANHTTPd.txt
Product Description AN HTTPd is a relatively small, powerful web server designed for Windows systems. It supports ISAPI, CGI, SSI, and several other powerful technologies such as isolated worker processes usually only seen in production servers. More information on AN HTTPd is available at...
CVE-2002-0801
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file...
CVE-2002-0071
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server IIS 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names...