cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2017-7269,https://securityvulnerability.io/vulnerability/CVE-2017-7269,,"Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with ""If: <http://"" in a PROPFIND request, as exploited in the wild in July or August 2016.",Microsoft,Internet Information Server,9.8,CRITICAL,0.9715399742126465,true,false,false,true,true,false,false,2017-03-27T01:55:00.000Z,0
CVE-2010-1899,https://securityvulnerability.io/vulnerability/CVE-2010-1899,,"Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka ""IIS Repeated Parameter Request Denial of Service Vulnerability.""",Microsoft,"Internet Information Server,Internet Information Services",,,0.9706100225448608,false,false,false,false,,false,false,2010-09-15T18:00:00.000Z,0
CVE-2010-1256,https://securityvulnerability.io/vulnerability/CVE-2010-1256,,"Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to ""token checking"" that trigger memory corruption, aka ""IIS Authentication Memory Corruption Vulnerability.""",Microsoft,Internet Information Server,,,0.24884000420570374,false,false,false,false,,false,false,2010-06-08T20:00:00.000Z,0
CVE-2003-1582,https://securityvulnerability.io/vulnerability/CVE-2003-1582,,"Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an ""Inverse Lookup Log Corruption (ILLC)"" issue.",Microsoft,Internet Information Server,,,0.001930000027641654,false,false,false,false,,false,false,2010-02-05T22:30:00.000Z,0
CVE-2009-3023,https://securityvulnerability.io/vulnerability/CVE-2009-3023,,"Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka ""IIS FTP Service RCE and DoS Vulnerability.""",Microsoft,Internet Information Server,,,0.970550000667572,false,false,false,false,,false,false,2009-08-31T20:00:00.000Z,0
CVE-2008-0074,https://securityvulnerability.io/vulnerability/CVE-2008-0074,,"Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.",Microsoft,"Internet Information Server,Internet Information Services",,,0.0004199999966658652,false,false,false,false,,false,false,2008-02-12T20:00:00.000Z,0
CVE-2008-0075,https://securityvulnerability.io/vulnerability/CVE-2008-0075,,Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.,Microsoft,Internet Information Server,,,0.7254400253295898,false,false,false,false,,false,false,2008-02-12T20:00:00.000Z,0
CVE-2007-2897,https://securityvulnerability.io/vulnerability/CVE-2007-2897,,"Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.",Microsoft,Internet Information Server,,,0.8674200177192688,false,false,false,false,,false,false,2007-05-30T10:00:00.000Z,0
CVE-2007-0087,https://securityvulnerability.io/vulnerability/CVE-2007-0087,,"Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment.  NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal",Microsoft,Internet Information Server,,,0.7263100147247314,false,false,false,false,,false,false,2007-01-05T18:00:00.000Z,0
CVE-2006-6579,https://securityvulnerability.io/vulnerability/CVE-2006-6579,,"Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.",Microsoft,"Internet Information Server,Internet Information Services",,,0.0007099999929778278,false,false,false,false,,false,false,2006-12-15T19:00:00.000Z,0
CVE-2006-0026,https://securityvulnerability.io/vulnerability/CVE-2006-0026,,"Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).",Microsoft,"Internet Information Server,Internet Information Services",,,0.9612699747085571,false,false,false,false,,false,false,2006-07-11T22:00:00.000Z,0
CVE-2005-2678,https://securityvulnerability.io/vulnerability/CVE-2005-2678,,"Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.",Microsoft,"Internet Information Server,Internet Information Services",,,0.02476000040769577,false,false,false,false,,false,false,2005-08-23T04:00:00.000Z,0
CVE-2005-2089,https://securityvulnerability.io/vulnerability/CVE-2005-2089,,"Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a ""Transfer-Encoding: chunked"" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka ""HTTP Request Smuggling.""",Microsoft,"Internet Information Server,Internet Information Services",,,0.4473299980163574,false,false,false,false,,false,false,2005-07-05T04:00:00.000Z,0
CVE-2003-0718,https://securityvulnerability.io/vulnerability/CVE-2003-0718,,"The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.",Microsoft,"Internet Information Server,Internet Information Services",,,0.9447100162506104,false,false,false,false,,false,false,2004-11-03T05:00:00.000Z,0
CVE-2003-0223,https://securityvulnerability.io/vulnerability/CVE-2003-0223,,"Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.",Microsoft,"Internet Information Services,Internet Information Server",,,0.05435999855399132,false,false,false,false,,false,false,2003-06-09T04:00:00.000Z,0
CVE-2003-0225,https://securityvulnerability.io/vulnerability/CVE-2003-0225,,"The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.",Microsoft,"Internet Information Services,Internet Information Server",,,0.7540900111198425,false,false,false,false,,false,false,2003-06-09T04:00:00.000Z,0
CVE-2002-1694,https://securityvulnerability.io/vulnerability/CVE-2002-1694,,"Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.",Microsoft,"Internet Information Services,Internet Information Server",,,0.007660000119358301,false,false,false,false,,false,false,2002-12-31T05:00:00.000Z,0
CVE-2002-1790,https://securityvulnerability.io/vulnerability/CVE-2002-1790,,"The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.",Microsoft,"Exchange Server,Internet Information Services,Internet Information Server",,,0.08360999822616577,false,false,false,false,,false,false,2002-12-31T05:00:00.000Z,0
CVE-2002-1181,https://securityvulnerability.io/vulnerability/CVE-2002-1181,,"Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.",Microsoft,"Internet Information Services,Internet Information Server",,,0.03776000067591667,false,false,false,false,,false,false,2002-11-12T05:00:00.000Z,0
CVE-2002-0869,https://securityvulnerability.io/vulnerability/CVE-2002-0869,,"Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka ""Out of Process Privilege Elevation.""",Microsoft,"Internet Information Services,Internet Information Server",,,0.05225000157952309,false,false,false,false,,false,false,2002-11-12T05:00:00.000Z,0
CVE-2002-0419,https://securityvulnerability.io/vulnerability/CVE-2002-0419,,"Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request.  NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages.  CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server.",Microsoft,"Internet Information Services,Internet Information Server",,,0.024010000750422478,false,false,false,false,,false,false,2002-08-12T04:00:00.000Z,0
CVE-2002-0364,https://securityvulnerability.io/vulnerability/CVE-2002-0364,,"Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka ""Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise.""",Microsoft,"Internet Information Services,Internet Information Server",,,0.8571299910545349,false,false,false,false,,false,false,2002-07-03T04:00:00.000Z,0
CVE-2002-0224,https://securityvulnerability.io/vulnerability/CVE-2002-0224,,"The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.",Microsoft,"Sql Server,Internet Information Services",,,0.06174999848008156,false,false,false,false,,false,false,2002-05-16T04:00:00.000Z,0
CVE-2002-0148,https://securityvulnerability.io/vulnerability/CVE-2002-0148,,"Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.",Microsoft,"Internet Information Services,Internet Information Server",,,0.4035699963569641,false,false,false,false,,false,false,2002-04-22T04:00:00.000Z,0
CVE-2002-0079,https://securityvulnerability.io/vulnerability/CVE-2002-0079,,Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.,Microsoft,"Internet Information Services,Internet Information Server",,,0.9632999897003174,false,false,false,false,,false,false,2002-04-22T04:00:00.000Z,0