58 matches found
CVE-2009-4444
Microsoft Internet Information Services IIS 5.x and 6.x uses only the portion of a filename before a ; semicolon character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a 1 .asp, 2...
CVE-2003-1582
Microsoft Internet Information Services IIS 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inver...
EUVD-2011-5178
Malware in sbrugna...
EUVD-2003-1572
Malware in sbrugna...
EUVD-2003-1556
Malware in sbrugna...
EUVD-2008-0087
Malware in sbrugna...
CVE-2002-1790
The SMTP service in Microsoft Internet Information Services IIS 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682...
CVE-1999-1591
Microsoft Internet Information Services IIS server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
Trimble Cityworks Deserialization Vulnerability
Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services IIS web server...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
VulnCheck KEV: CVE-2005-2678
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVERNAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost...
Microsoft Internet Information Services Cross Site Scripting
Cross Site Scripting / HTML injection vulnerability in Microsoft Internet Information Services web server ================================== Versions Affected: MS Internet Information services All platforms and versions ================================== CVE Reference: CVE-2017-0055...
Microsoft Internet Information Services Security Feature Bypass Vulnerability (2982998)
This host is missing an important security update according to Microsoft Bulletin MS14-076. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
PT-2014-5698 · Microsoft · Internet Information Services
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Information Services IIS versions 8.0 through 8.5 Description: The IP Security feature in Microsoft Internet Information Services IIS does not properly process wildcard allow and deny rules for domains within the "IP Addres...
CVE-2011-5279
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services IIS 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n newline character in an HTTP header...
Cisco WAAS Mobile Remote Code Execution Vulnerability
Cisco Wide Area Application Services WAAS Mobile contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the Cisco WAAS Mobile server with the privileges of the Microsoft Internet Information Services IIS web server. Cisco has released software...
Microsoft Internet Information Services (IIS) Detection (Windows SMB Login)
SMB login-based detection of Microsoft Internet Information Services IIS. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...