RSS   Vulnerabilities for 'Index server'   RSS

2001-09-14
 
CVE-2001-0986

CWE-Other
 
 
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

 
2001-07-21
 
CVE-2001-0500

CWE-Other
 
 
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.

 
2001-06-27
 
CVE-2001-0245

CWE-Other
 
 
Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.

 
 
CVE-2001-0244

CWE-Other
 
 
Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.

 
2000-03-31
 
CVE-2000-0302

CWE-Other
 
 
Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.

 
2000-01-26
 
CVE-2000-0098

CWE-Other
 
 
Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.

 
 
CVE-2000-0097

CWE-Other
 
 
The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.

 
1999-03-23
 
CVE-1999-1397

 
 
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.

 
1999-07-19
 
CVE-1999-1011

 
 
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.

 

 >>> Vendor: Microsoft 622 Products
Exchange server
Internet information server
Site server
Frontpage
Personal web server
Windows 95
Windows nt
Winsock
IE
Windows 2000
WINS
Netmeeting
WORD
Windows 98
Access
Backoffice
Backoffice resource kit
Office
Outlook
Project
Visual basic
Terminal server
All windows
Excel
Hotmail
Java virtual machine
Commercial internet system
Site server commerce
Windows 98se
Outlook express
Windows explorer
Sql server
Data access components
Index server
Sna server
Zero administration kit
Powerpoint
Msn setup bulletin board services
Visual interdev
Webtv
Office converter pack
Systems management server
Virtual machine
Visual studio
Clip art
Greetings
Home publishing
Data engine
Windows media services
Windows messaging
Windows media rights manager
Proxy server
JET
Active movie control
Photodraw 2000
Works
Money
Network monitor
Windows media player
Indexing service
Windows me
MSDE
Windows xp
Windows script host
PLUS
Windows ce
Isa server
Frontpage server extensions
Services
Windows 2000 terminal services
Interix
Commerce server
Xml core services
Entourage
Msn chat control
Msn messenger
Msn messenger service for exchange
.net framework
Windows 98 plus pack
Microsoft data access components
Visual foxpro
Metadirectory services
Content management server
Tsac activex control
Office web components
Windows help
Ie for macintosh
.net windows server
Directx files viewer control
File transfer manager
Baseline security analyzer
Foundation class library
Windows 2003 server
Network firmware
Windows-nt
Biztalk server
Directx
Visio
Wordperfect converter
Asp.net
See all Products for Vendor Microsoft

Copyright 2024, cxsecurity.com

 

Back to Top