Lucene search
K

58 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:54 a.m.18 views

CVE-2009-4444

Microsoft Internet Information Services IIS 5.x and 6.x uses only the portion of a filename before a ; semicolon character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a 1 .asp, 2...

6CVSS6.9AI score0.63627EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:39 a.m.15 views

CVE-2003-1582

Microsoft Internet Information Services IIS 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inver...

2.6CVSS6.2AI score0.10325EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-5178

Malware in sbrugna...

5CVSS6.4AI score0.1924EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2003-1572

Malware in sbrugna...

2.6CVSS6.4AI score0.10325EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2003-1556

Malware in sbrugna...

5CVSS6.4AI score0.28118EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-0087

Malware in sbrugna...

7.2CVSS6.1AI score0.05967EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/05/21 10:42 p.m.13 views

CVE-2002-1790

The SMTP service in Microsoft Internet Information Services IIS 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682...

5CVSS6.9AI score0.33967EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:22 p.m.6 views

CVE-1999-1591

Microsoft Internet Information Services IIS server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual...

7.5CVSS7.4AI score0.1127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/08 4:25 p.m.11 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.8CVSS8.9AI score0.28261EPSS
Exploits0References4
CISA KEV Catalog
CISA KEV Catalog
added 2025/02/07 12:0 a.m.22 views

Trimble Cityworks Deserialization Vulnerability

Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services IIS web server...

8.8CVSS7.7AI score0.28261EPSS
In wildExploits0
NVD
NVD
added 2025/02/06 4:15 p.m.22 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.8CVSS0.28261EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/06 4:1 p.m.18 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.6CVSS7.6AI score0.28261EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/06 4:1 p.m.32 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.6CVSS0.28261EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2018/01/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2005-2678

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVERNAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost...

5CVSS5.8AI score0.39806EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2017/03/16 12:0 a.m.348 views

Microsoft Internet Information Services Cross Site Scripting

Cross Site Scripting / HTML injection vulnerability in Microsoft Internet Information Services web server ================================== Versions Affected: MS Internet Information services All platforms and versions ================================== CVE Reference: CVE-2017-0055...

7.4AI score0.16369EPSS
Exploits2
OpenVAS
OpenVAS
added 2014/11/12 12:0 a.m.360 views

Microsoft Internet Information Services Security Feature Bypass Vulnerability (2982998)

This host is missing an important security update according to Microsoft Bulletin MS14-076. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

5.1CVSS7.5AI score0.18011EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2014/11/11 12:0 a.m.9 views

PT-2014-5698 · Microsoft · Internet Information Services

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Information Services IIS versions 8.0 through 8.5 Description: The IP Security feature in Microsoft Internet Information Services IIS does not properly process wildcard allow and deny rules for domains within the "IP Addres...

5.1CVSS7.8AI score0.18011EPSS
Exploits0References7
NVD
NVD
added 2014/04/23 8:55 p.m.16 views

CVE-2011-5279

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services IIS 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n newline character in an HTTP header...

5CVSS6.9AI score0.1924EPSS
Exploits1References6
Cisco
Cisco
added 2013/11/06 4:0 p.m.48 views

Cisco WAAS Mobile Remote Code Execution Vulnerability

Cisco Wide Area Application Services WAAS Mobile contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the Cisco WAAS Mobile server with the privileges of the Microsoft Internet Information Services IIS web server. Cisco has released software...

7.5CVSS7.3AI score0.02023EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2012/05/14 12:0 a.m.21 views

Microsoft Internet Information Services (IIS) Detection (Windows SMB Login)

SMB login-based detection of Microsoft Internet Information Services IIS. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7AI score
Exploits0
Rows per page
Query Builder