CVE-2000-0097

The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability...

CVE-1999-0861

CVE-1999-0861 describes a race condition in the SSL ISAPI filter used by IIS and other servers, which may leak information in plaintext. The connected materials reiterate the high-level description but do not specify affected products/versions, root cause details beyond “race condition,” or concr...

CVE-1999-0861

Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext...

CVE-1999-0412

CVE-1999-0412 affects IIS and other web servers where the server runs as SYSTEM and loads an ISAPI extension. The underlying issue allows an attacker to execute commands with SYSTEM privileges via the ISAPI extension, enabling high-privilege access on the affected server. Connected documents corr...

CVE-1999-0412

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension...

iis.system.isapi.txt

Date: Mon, 8 Mar 1999 11:27:48 -0500 From: Fabien Royer To: [email protected] Subject: ISAPI Extension vulnerability allows to execute code as SYSTEM There's a vulnerability in IIS and other WEB servers executing as SYSTEM that allows to execute an ISAPI extension in the security...

activeperl.516.dos.txt

Date: Mon, 31 May 1999 07:16:53 -0700 From: Michael Smith To: [email protected] Subject: ActiveState Security Advisory Problem -------- PerlScript and Perl-ISAPI that come with ActivePerl 516 and earlier versions, inadequately check the length of path information sent to open. Due ...

CVE-1999-0861

Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext...

Microsoft IIS 2.03.04.0 - ISAPI GetExtensionVersion()

Microsoft IIS 2.03.04.0 - ISAPI GetExtensionVersion source: https://www.securityfocus.com/bid/501/info IIS and potentially other NT web servers have a vulnerability that could allow arbitrary code to be run as SYSTEM. This works because of the way the server calls the GetExtensionVersion function...

Microsoft IIS 2.0/3.0/4.0 - ISAPI GetExtensionVersion()

source: https://www.securityfocus.com/bid/501/info IIS and potentially other NT web servers have a vulnerability that could allow arbitrary code to be run as SYSTEM. This works because of the way the server calls the GetExtensionVersion function the first time an ISAPI extension is loaded. Any us...

CVE-1999-0412

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension...

Microsoft IIS 4 (Windows NT) - Remote Web-Based Administration

Microsoft IIS 4 Windows NT - Remote Web-Based Administration source: https://www.securityfocus.com/bid/189/info Web-based administration for IIS 4.0 is, by default, limited to the local loopback address, 127.0.0.1. In instances where IIS4.0 was installed as an upgrade to IIS 2.0 or 3.0, a legacy...

Microsoft IIS 4 (Windows NT) - Remote Web-Based Administration

source: https://www.securityfocus.com/bid/189/info Web-based administration for IIS 4.0 is, by default, limited to the local loopback address, 127.0.0.1. In instances where IIS4.0 was installed as an upgrade to IIS 2.0 or 3.0, a legacy ISAPI DLL ISM.DLL is left in the /scripts/iisadmin directory...