Microsoft

Internet Information Server

107 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 10.24%
  • Veröffentlicht 19.02.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:48:20

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

Exploit
  • EPSS 30.55%
  • Veröffentlicht 11.02.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:50:18

FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter.

  • EPSS 5.13%
  • Veröffentlicht 09.02.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:48:19

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

  • EPSS 10.65%
  • Veröffentlicht 27.01.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:48:12

IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.

  • EPSS 17.93%
  • Veröffentlicht 27.01.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:48:12

A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.

  • EPSS 49.53%
  • Veröffentlicht 26.01.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:48:25

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.

  • EPSS 19.03%
  • Veröffentlicht 26.01.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:48:25

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

  • EPSS 13.63%
  • Veröffentlicht 24.01.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:50:41

Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.

  • EPSS 23.96%
  • Veröffentlicht 14.01.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:50:18

Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.

Exploit
  • EPSS 25.46%
  • Veröffentlicht 14.01.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:50:40

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator'...