9 matches found
CVE-2001-0500
CVE-2001-0500 is a buffer-overflow in the IDQ ISAPI handler (idq.dll) used by Microsoft IIS Indexing Service/Index Server 2.0 (and IIS 6.0 beta and earlier). The vulnerability allows remote attackers to execute arbitrary commands by sending a long argument to the .ida and .idq entry points (e.g.,...
CVE-2000-0097
The CVE-2000-0097 vulnerability concerns Microsoft IIS WebHits ISAPI Filter used with Microsoft Index Server. The OpenVAS Active Check entries reference MS00-06 and confirm that the WebHits filter allows remote attackers to read arbitrary files via crafted requests (Mal-formed Hit-Highlighting Ar...
CVE-1999-1011
CVE-1999-1011 affects the RDS DataFactory component of Microsoft MDAC used by IIS 3.x/4.x, enabling remote command execution via unsafe DataFactory methods in msadcs.dll. Public docs reference MS99-025 security bulletin and multiple advisories; exploit code and modules exist (e.g., Metasploit MSS...
CVE-2000-0302
Microsoft Index Server WebHits ISAPI filter vulnerability (MS00-06) allows remote attackers to disclose ASP source by requesting null.htw with a crafted CiWebHitsFile argument (via %20). Connected OpenVAS entries describe the WebHits component’s information disclosure and path/file reading issues...
CVE-2001-0986
SQLQHit.asp is a sample component of Microsoft Index Server 2.0 that, when reachable via CiScope values webinfo/extended_fileinfo/extended_webinfo/fileinfo, can disclose directories and file paths on the server. The vulnerability stems from a design/implementation flaw in the SQLQHit CGI that all...
CVE-2000-0098
CVE-2000-0098 describes a path-disclosure vulnerability in Microsoft Index Server/IIS WebHits: remote attackers can determine the real path of a web directory by requesting non-existent Internet Data Query files. OpenVAS notes the issue in MS00-006 (WebHits ISAPI filter) and IDA/IDQ path disclosu...
CVE-2001-0245
Microsoft Index Server 2.0 (Windows NT 4.0) and Indexing Service (Windows 2000) are affected by a vulnerability described as a Malformed Hit-Highlighting issue that allows remote readers to view server-side include files via a crafted search request. The CERT advisory confirms the ability to read...
CVE-1999-1397
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, enabling local and remote users to obtain the physical paths of indexed directories. Affected component: ContentIndex\Catalogs under AllowedPaths. Root cause: registr...
CVE-2001-0244
The CVE-2001-0244 issue concerns Microsoft Index Server 2.0, where a buffer overflow in the index/search parameter handling allows remote attackers to execute arbitrary commands. The core affected component is Microsoft Index Server 2.0 (server-side indexing/search functionality); the root cause ...