Vulnerabilities (CVE)

Vendor filter: Microsoft

Product filter: Iis

21 total CVE
CVE Vendors Products Updated CVSS
CVE-2010-3972 1 Microsoft 2 Iis, Internet Information Server 2019-07-03 10.0
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a...
CVE-2012-2531 1 Microsoft 2 Iis, Internet Information Server 2019-07-03 2.1
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
CVE-2010-1256 1 Microsoft 2 Iis, Internet Information Server 2019-07-03 8.5
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory...
CVE-2010-2730 1 Microsoft 2 Iis, Internet Information Server 2019-07-03 9.3
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."
CVE-2010-1899 1 Microsoft 2 Iis, Internet Information Server 2019-07-03 4.3
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka...
CVE-2009-3555 8 Mozilla, Openssl, Microsoft and 5 more 9 Openssl, Nss, Iis and 6 more 2019-07-03 5.8
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network...
CVE-2008-1446 1 Microsoft 6 Windows Server 2008, Windows Xp, Iis and 3 more 2019-07-03 9.0
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated...
CVE-2008-0074 1 Microsoft 3 Iis, Internet Information Server, Internet Information Services 2019-07-03 7.2
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
CVE-2009-2521 1 Microsoft 2 Iis, Internet Information Server 2019-07-03 2.6
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard...
CVE-2017-7269 1 Microsoft 2 Iis, Internet Information Server 2019-07-03 10.0
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If:...
CVE-2009-3023 1 Microsoft 2 Iis, Internet Information Server 2019-07-03 9.3
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory...
CVE-2009-1535 1 Microsoft 2 Iis, Internet Information Server 2019-07-03 7.6
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an...
CVE-2003-1582 1 Microsoft 2 Iis, Internet Information Server 2019-07-03 2.6
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as...
CVE-2009-4444 1 Microsoft 2 Iis, Internet Information Server 2019-07-03 6.0
Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party...
CVE-2010-2731 1 Microsoft 2 Iis, Internet Information Server 2019-07-03 6.8
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a...
CVE-2011-5279 1 Microsoft 2 Iis, Internet Information Server 2019-07-03 6.4
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline)...
CVE-2009-1122 1 Microsoft 1 Iis 2018-10-12 7.6
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request,...
CVE-2008-4301 1 Microsoft 1 Iis 2018-10-11 10.0
** DISPUTED ** A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a...
CVE-2008-4300 1 Microsoft 1 Iis 2018-10-11 5.0
A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was...
CVE-2015-2808 9 Google, Apple, Oracle and 6 more 10 Glassfish, Opera Browser, Glassfish Enterprise Server and 7 more 2018-01-18 4.3
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the...