4 matches found
CVE-2001-0500
CVE-2001-0500 is a buffer-overflow in the IDQ ISAPI handler (idq.dll) used by Microsoft IIS Indexing Service/Index Server 2.0 (and IIS 6.0 beta and earlier). The vulnerability allows remote attackers to execute arbitrary commands by sending a long argument to the .ida and .idq entry points (e.g.,...
CVE-2000-0942
CVE-2000-0942 affects the CiWebHitsFile component of Microsoft Indexing Services for Windows 2000. The vulnerability allows remote attackers to perform a cross-site scripting (XSS) attack via a CiRestriction parameter in a .htw request. The NVD/connected records confirm the impact as a partial co...
CVE-2001-0245
Microsoft Index Server 2.0 (Windows NT 4.0) and Indexing Service (Windows 2000) are affected by a vulnerability described as a Malformed Hit-Highlighting issue that allows remote readers to view server-side include files via a crafted search request. The CERT advisory confirms the ability to read...
CVE-2000-1105
The CVE-2000-1105 vulnerability relates to the ixsso.query ActiveX control, which is incorrectly marked safe-for-scripting. CERT details show that Index Server 2.0 and Indexing Service 3.0 expose a web-accessible interface allowing remote attackers to enumerate local files on a Windows 2000 syste...