91 matches found
CVE-2009-4444
Microsoft Internet Information Services IIS 5.x and 6.x uses only the portion of a filename before a ; semicolon character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a 1 .asp, 2...
CVE-2003-1582
Microsoft Internet Information Services IIS 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inver...
PT-2025-52588
CVE-2025-68483 - Microsoft IIS HTTP Header Injection CVE ID : CVE-2025-68483 Published : Dec. 19, 2025, 4:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
EUVD-2008-0087
Malware in sbrugna...
EUVD-2004-0205
Malware in sbrugna...
EUVD-2002-1674
Malware in sbrugna...
EUVD-2011-5178
Malware in sbrugna...
EUVD-2003-1556
Malware in sbrugna...
EUVD-2003-1572
Malware in sbrugna...
EUVD-2003-0218
Malware in sbrugna...
EUVD-2024-16694
Malicious code in bioql PyPI...
CVE-2002-1790
The SMTP service in Microsoft Internet Information Services IIS 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682...
CVE-2002-1718
Microsoft Internet Information Server IIS 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension FPSE file, as claimed using an HTTP request for colegal.htm that contains .. dot dot sequences...
CVE-1999-1591
Microsoft Internet Information Services IIS server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
Trimble Cityworks Deserialization Vulnerability
Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services IIS web server...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
VulnCheck KEV: CVE-2005-2678
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVERNAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost...