23 matches found
EUVD-2019-9923
Malware in sbrugna...
EUVD-2019-1676
Malware in sbrugna...
CVE-2020-0645
A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'...
CVE-2019-1365
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT...
CVE-2020-0645
A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'...
KB4540693: Windows 10 March 2020 Security Update
The remote Windows host is missing security update 4540693. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability...
KB4538461: Windows 10 Version 1809 and Windows Server 2019 March 2020 Security Update
The remote Windows host is missing security update 4538461. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability...
KB4541505: Windows 8.1 and Windows Server 2012 R2 March 2020 Security Update
The remote Windows host is missing security update 4541505 or cumulative update 4541509. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully...
KB4540670: Windows 10 Version 1607 and Windows Server 2016 March 2020 Security Update
The remote Windows host is missing security update 4540670. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability...
MTN Group: Information Disclosure Microsoft IIS Server service.cnf in a mtn website
Hi there i found a information disclosure Microsoft IIS Server service.cnf file in the website https://www.mtn.co.za/ using firefox. In the following steps i will demonstrate how to reproduce the vulnerability. POC: 1ºGo to the following url: https://www.mtn.co.za/vtipvt/service.cnf you will see:...
CVE-2019-1365
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT...
Privilege escalation
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT...
CVE-2019-1365
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT...
CVE-2019-0941
A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. To exploit this...
Design/Logic Flaw
A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests, aka 'Microsoft IIS Server Denial of Service Vulnerability'...
KLA11874 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products ESU. Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface, execute arbitrary code, obtain sensitive information, bypass security restrictions, cause denial of service. Below is a complete list of...
Microsoft IIS Server XSS Vulnerability(CVE-2017-0055)
During a penetration test against the infrastructure of one of our clients we discovered a reflected Cross Site Scripting/HTML injection vulnerability in Microsoft Internet Information Services web server. The vulnerability could be exploited, with the help of user interaction, to inject javascri...
CVE-2017-0055
Microsoft Internet Information Server IIS in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run...
Microsoft IIS Server XSS Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to properly sanitize a specially crafted request. An attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of...
IIS Detailed Error Information Disclosure
The remote Microsoft IIS web server is improperly configured to deliver detailed error messages. These detailed error messages may contain confidential diagnostic information, such as the file system paths to hosted content and logon information. C Tenable Network Security, Inc...