
RE: Ten least secure programs

From: Chris Berry <compjma(at)hotmail.com>
Date: Mon Jun 30 2003 - 20:42:55 EDT


>From: "dave klimen" <dave@netmedic.net>
>Obviously a lack of experience would cause you to list IIS on this list.

Actually, I was thinking more of this:

2003-06-03: Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial of Service Vulnerability
2003-05-30: Microsoft IIS SSINC.DLL Server Side Includes Buffer Overflow Vulnerability
2003-05-28: Microsoft IIS ASP Header Denial Of Service Vulnerability
2003-05-28: Microsoft IIS Redirection Error Page Cross-Site Scripting Vulnerability
2003-05-28:  Microsoft Internet Information Service Multiple Vulnerabilities
2003-05-13:  Multiple Vendor Invalid X.509 Certificate Chain Vulnerability
2003-05-07:  Microsoft IIS WebDAV Denial Of Service Vulnerability
2003-05-03:  Microsoft IIS User Existence Disclosure Vulnerability
2003-02-10:  Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability
2003-02-07:  Microsoft IIS False Logging Weakness
2003-02-06:  Microsoft IIS Malformed HTTP Get Request Denial Of Service Vulnerability
2002-11-05: Microsoft IIS Administrative Pages Cross Site Scripting Vulnerabilities
2002-11-04:  Microsoft IIS Out Of Process Privilege Escalation Vulnerability
2002-10-31:  Microsoft IIS Script Source Access File Upload Vulnerability
2002-10-31:  Multiple Microsoft IIS Vulnerabilities
2002-10-07:  Microsoft IIS Malformed HTTP HOST Header Field Denial Of Service Vulnerability
2002-10-05: Microsoft IIS IDC Extension Cross Site Scripting Vulnerability
2002-09-04: Microsoft IIS Chunked Encoding Transfer Heap Overflow Vulnerability
2002-07-12: Microsoft IIS SMTP Service Encapsulated SMTP Address Vulnerability
2002-05-27: Microsoft IIS 5.0 Denial Of Service Vulnerability
2002-05-07: Microsoft IIS Chunked Encoding Heap Overflow Variant Vulnerability
2002-05-07: Microsoft IIS HTTP Redirect Cross Site Scripting Vulnerability
2002-05-07: Microsoft IIS HTTP Error Page Cross Site Scripting Vulnerability
2002-05-07: Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability
2002-05-07: Microsoft IIS ISAPI Filter Access Violation Denial of Service Vulnerability
2002-05-07: Microsoft IIS ASP Server-Side Include Buffer Overflow Vulnerability
2002-05-07: Microsoft IIS HTTP Header Field Delimiter Buffer Overflow Vulnerability
2002-05-07:  Microsoft IIS HTR ISAPI Extension Buffer Overflow Vulnerability
2002-04-19:  Microsoft MSDTC Service Denial of Service Vulnerability
2002-04-18:  Microsoft IIS CodeBrws.ASP File Extension Check Out By One Vulnerability
2002-04-18: Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability
2002-04-16: Microsoft IIS Help File Search Cross Site Scripting Vulnerability
2002-03-05: Microsoft IIS Authentication Method Disclosure Vulnerability
2002-02-14: Microsoft IIS 5.1 Frontpage Extensions Path Disclosure Information Vulnerability
2002-02-12: Microsoft IIS 5.1 Frontpage Server Extensions File Source Disclosure Vulnerability
2002-01-16: Multiple Vendor Unprivileged User Permissions Log File Modification Vulnerability
2001-12-11: Microsoft IIS False Content-Length Field DoS Vulnerability
2001-09-18: MS IIS/PWS Escaped Characters Decoding Command Execution Vulnerability
2001-09-10: Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability
2001-08-16: Microsoft IIS WebDAV Invalid Request Denial of Service Vulnerability
2001-08-16: Microsoft IIS 4.0 URL Redirection DoS Vulnerability
2001-08-08: MS IIS Internal IP Address/Internal Network Name Disclosure Vulnerability
2001-07-04:  Microsoft IIS Device File Remote DoS Vulnerability
2001-07-04:  Microsoft IIS Device File Local DoS Vulnerability
2001-06-22:  Microsoft IIS Unicode .asp Source Code Disclosure Vulnerability
2001-05-17:  IIS WebDav Lock Method Memory Leak DoS Vulnerability
2001-05-16:  Microsoft IIS FTP Denial of Service Vulnerability
2001-05-15:  Microsoft IIS WebDAV Denial of Service Vulnerability
2001-05-15:  Microsoft IIS Multiple Invalid URL Request DoS Vulnerability
2001-05-15:  Microsoft IIS Cross Site Scripting .shtml Vulnerability
2001-05-15:  Microsoft IIS Various Domain User Account Access Vulnerability
2001-05-07:  Microsoft IIS WebDAV 'Propfind' Server Restart Vulnerability
2001-05-07:  Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability
2001-03-19: Microsoft IIS WebDAV 'Search' Denial of Service Vulnerability
2001-03-07: Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
2001-01-30:  Microsoft IIS File Fragment Disclosure Vulnerability
2000-12-22: Microsoft IIS Front Page Server Extension DoS Vulnerability
2000-11-06: Microsoft IIS 4.0 ISAPI Buffer Overflow Vulnerability
2000-11-06: Microsoft IIS Executable File Parsing Vulnerability
2000-10-23: Microsoft IIS 4.0/5.0 Session ID Cookie Disclosure Vulnerability
2000-10-04: Microsoft IIS 5.0 Indexed Directory Disclosure Vulnerability
2000-09-05: Microsoft NT 4.0 and IIS 4.0 Invalid URL Request DoS Vulnerability
2000-08-14: Microsoft IIS 5.0 "Translate: f" Source Disclosure Vulnerability
2000-08-10: Microsoft IIS 4.0/5.0 File Permission Canonicalization Vulnerability
2000-07-17: Microsoft IIS 4.0/5.0 Source Fragment Disclosure Vulnerability
2000-07-14: Microsoft IIS 3.0 .htr Missing Variable Denial of Service Vulnerability
2000-07-13: Microsoft IIS Internal IP Address Disclosure Vulnerability
2000-05-11: Microsoft IIS 4.0/5.0 Malformed File Extension DoS Vulnerability
2000-05-11:  Microsoft IIS 4.0/5.0 Malformed Filename Request Vulnerability
2000-05-10:  Microsoft IIS 4.0/5.0 Malformed .htr Request Vulnerability
2000-05-06:  Microsoft Frontpage Server Extensions Path Disclosure Vulnerability
2000-04-12:  Microsoft IIS 4.0/5.0 Escaped Characters Vulnerability
2000-03-30:  Microsoft IIS UNC Mapped Virtual Host Vulnerability
2000-03-20:  Microsoft IIS 4.0 Chunked Transfer Encoding Buffer Overflow Vulnerability
2000-03-08:  Microsoft IIS UNC Path Disclosure Vulnerability
2000-02-15:  Microsoft IIS 4.0 Pickup Directory DoS Vulnerability
2000-02-09:  NT IIS ASP VBScript Runtime Error Viewable Source Vulnerability
2000-02-02:  NT IIS idq.dll Directory Traversal Vulnerability
1999-12-21:  Microsoft IIS Virtual Directory Naming Vulnerability
1999-12-21:  Microsoft IIS Escape Character Parsing Vulnerability
1999-12-02:  IIS / Site Server Multithread SSL Vulnerability
1999-09-23:  Microsoft IIS 4.0 Domain Resolution Vulnerability
1999-09-23:  Microsoft IIS FTP NO ACCESS Read/Delete File Vulnerability
1999-08-16:  Microsoft IIS And PWS 8.3 Directory Name Vulnerability
1999-08-11:  NT IIS Malformed HTTP Request Header DoS Vulnerability
1999-07-19:  NT IIS MDAC RDS Vulnerability
1999-07-07:  NT IIS SSL DoS Vulnerability
1999-07-06:  Sun Java HotSpot DoS Vulnerability
1999-06-24:  NT IIS Double Byte Code Page Vulnerability
1999-06-15:  NT IIS4 Buffer Overflow Vulnerability
1999-06-01:  NT IIS ASP Alternate Data Streams Vulnerability
1999-06-01: NT IIS Showcode ASP Vulnerability
1999-06-01: NT IIS4 Remote Web-Based Administration Vulnerability
1999-06-01: Microsoft VisualInterDev 6.0 - IIS4 - Mgmt with no authentication Vulnerability
1999-06-01:  NT IIS4 Log Avoidance Vulnerability
1999-06-01:  NT IIS FTP DoS / Buffer Overflow Vulnerability
1999-06-01:  NT IIS4 DoS - ExAir Sample Site Vulnerability
1999-06-01:  NT IIS IISAPI Extension Enumerate Root Web Server Directory Vulnerability
1999-06-01:  NT IIS4 Shared ASP Cache Vulnerability
1999-06-01:  NT Using ASP And FSO To Read Server Files Vulnerability
1999-06-01:  Microsoft JET Database Engine VBA Vulnerability
1999-06-01:  NT IIS ISAPI GetExtensionVersion() Vulnerability
1999-06-01:  Multiple Vendor PKCS#1 Vulnerability
1999-06-01:  Microsoft IIS 3.0 "%2e" ASP Source Disclosure Vulnerability
1999-06-01:  Microsoft IIS 3.0 newdsn.exe File Creation Vulnerability
1999-06-01:  Multiple Vendor .BAT/.CMD Remote Command Execution Vulnerability
1999-06-01: Microsoft IIS Appended Dot Script Source Disclosure Vulnerability
1999-06-01:  Microsoft IIS 4.0 IISADMPWD Proxied Password Attack
1999-06-01:  Microsoft IIS '../..' Denial of Service Vulnerability
1999-06-01:  IIS 4.0 fpcount.exe Buffer Overflow Vulnerability
1999-06-01:  Microsoft IIS 3.0/4.0 Upgrade BDIR.HTR Vulnerability
1999-06-01:  Microsoft IIS Long URL Denial of Service Vulnerability

But if you have an actual argument I'd be happy to hear it.

Chris Berry
compjma@hotmail.com
Systems Administrator
JM Associates

"Encrypt everything, and ask questions later."





Received on Wed Jul 2 12:38:45 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:05:23 EDT

