EUVD-2001-0244

Malware in sbrugna...

Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1084/info Index Server can be used to cause IIS to display the source of .asp and possibly other server-side processed files. By appending a space %20 to the end of the filename specified in the 'CiWebHitsFile' variable,...

Microsoft IIS 5.0 IDQ Path Overflow

No description provided by source. $Id: ms01033idq.rb 9525 2010-06-15 07:18:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/529/info MDAC Microsoft Data Access Components is a package used to integrate web and database services. It includes a component named RDS Remote Data Services. RDS allows remote access via the internet to database object...

Microsoft IIS 5.0 IDQ Path Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Microsoft II...

MS01-033 Microsoft IIS 5.0 IDQ Path Overflow

This module exploits a stack buffer overflow in the IDQ ISAPI handler for Microsoft Index Server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS01-033 Microsoft IIS 5.0 IDQ Path Overflow',...

CVE-2001-0986

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to 1 webinfo, 2 extendedfileinfo, 3 extendedwebinfo, or...

CVE-2001-0986

SQLQHit.asp is a sample component of Microsoft Index Server 2.0 that, when reachable via CiScope values webinfo/extended_fileinfo/extended_webinfo/fileinfo, can disclose directories and file paths on the server. The vulnerability stems from a design/implementation flaw in the SQLQHit CGI that all...

CVE-2001-0244

Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter...

CVE-2001-0245

Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability...

Проблемы с DQLHit.asp в MS Index Server &#40;information leakage&#41;

С помощью демонстрационного приложения можно получать сведения о файлах...

Security Vulnerability with Microsoft Index Server 2.0&#40;Sample fil e reveals file info, physical path etc&#41;

Hi I noticed index server sample file is vulnerable which reveals file info and physical path. Vulnerable Microsoft Index Server 2.0 + IIS 4.0 + Windows NT Server 4.0 + Service Pack 6a Details The Index Server Sample file SQLQHit.asp shipped with Microsoft Index Server 2.0 and Option pack 4.0 , i...

CVE-2001-0986

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to 1 webinfo, 2 extendedfileinfo, 3 extendedwebinfo, or...

CVE-2001-0245

Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability...

CVE-2001-0244

Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter...

Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (2)

/ source: https://www.securityfocus.com/bid/2880/info Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the 'idq.dll' ISAPI extension associated with each service. A maliciously crafted request could allow...

Microsoft Index Server 2.0 Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (2)

Microsoft Index Server 2.0 Indexing Service Windows 2000 - ISAPI Extension Buffer Overflow 2 / source: https://www.securityfocus.com/bid/2880/info Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the...

Microsoft Index Server/Indexing Service used by IIS 4.0/5.0 contains unchecked buffer used when encoding double-byte characters

Overview A vulnerability exists in the Indexing services used by Microsoft IIS 4.0 and IIS 5.0 running on Windows NT, Windows 2000, and beta versions of Windows XP. Exploitations of this vulnerability allows a remote intruder to run arbitrary code on the victim machine. Description There is a...

Microsoft Index Server 2.0 Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (3)

Microsoft Index Server 2.0 Indexing Service Windows 2000 - ISAPI Extension Buffer Overflow 3 source: https://www.securityfocus.com/bid/2880/info Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the 'idq.dl...

Microsoft Index Server 2.0 Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (4)

Microsoft Index Server 2.0 Indexing Service Windows 2000 - ISAPI Extension Buffer Overflow 4 source: https://www.securityfocus.com/bid/2880/info Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the 'idq.dl...