Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Index Server Security Vulnerabilities

cve
cve

CVE-1999-1011

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.

7.4AI Score

0.683EPSS

2000-06-02 04:00 AM
48
2
cve
cve

CVE-1999-1397

Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.

6.3AI Score

0.015EPSS

2004-09-01 04:00 AM
24
cve
cve

CVE-2000-0097

The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.

6.6AI Score

0.93EPSS

2000-03-22 05:00 AM
52
cve
cve

CVE-2000-0098

Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.

6.6AI Score

0.964EPSS

2000-03-22 05:00 AM
36
cve
cve

CVE-2000-0302

Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.

6.7AI Score

0.967EPSS

2001-05-07 04:00 AM
40
cve
cve

CVE-2001-0244

Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.

7.7AI Score

0.004EPSS

2001-09-18 04:00 AM
24
cve
cve

CVE-2001-0245

Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.

6.5AI Score

0.922EPSS

2001-09-18 04:00 AM
26
cve
cve

CVE-2001-0500

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as common...

7.5AI Score

0.964EPSS

2002-03-09 05:00 AM
327
cve
cve

CVE-2001-0986

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webin...

6.1AI Score

0.958EPSS

2002-02-02 05:00 AM
39