· 6 years ago · Nov 13, 2019, 06:52 PM
1#######################################################################################################################################
2======================================================================================================================================
3Hostname www.mkutup.gov.tr ISP National Library of Turkey
4Continent Asia Flag
5TR
6Country Turkey Country Code TR
7Region Unknown Local time 13 Nov 2019 17:27 +03
8City Unknown Postal Code Unknown
9IP Address 176.117.96.21 Latitude 41.021
10 Longitude 28.995
11======================================================================================================================================
12#######################################################################################################################################
13> www.mkutup.gov.tr
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: www.mkutup.gov.tr
19Address: 176.117.96.21
20Name: www.mkutup.gov.tr
21Address: 2001:67c:2988:c096::21
22>
23#######################################################################################################################################
24** Domain Name: mkutup.gov.tr
25
26** Registrant:
27 T. C. Kültür ve Turizm Bakanlığı Milli Kütüphane Başkanlığı
28 Milli Kütüphane Başkanlığı Bahçelievler Son Durak
29 06490
30 Ankara,
31 Türkiye
32 info@mkutup.gov.tr
33 + 90-312-2223812-
34 + 90-312-2230451
35
36
37** Administrative Contact:
38NIC Handle : mkb23-metu
39Organization Name : Milli Kütüphane Başkanlığı
40Address : Hidden upon user request
41Phone : Hidden upon user request
42Fax : Hidden upon user request
43
44
45** Technical Contact:
46NIC Handle : mkb23-metu
47Organization Name : Milli Kütüphane Başkanlığı
48Address : Hidden upon user request
49Phone : Hidden upon user request
50Fax : Hidden upon user request
51
52
53** Billing Contact:
54NIC Handle : mkb23-metu
55Organization Name : Milli Kütüphane Başkanlığı
56Address : Hidden upon user request
57Phone : Hidden upon user request
58Fax : Hidden upon user request
59
60
61** Domain Servers:
62ns1.mkutup.gov.tr 176.117.96.10 2001:67c:2988:c096::10
63ns2.mkutup.gov.tr 176.117.96.20 2001:67c:2988:c096::20
64
65** Additional Info:
66Created on..............: 1997-May-26.
67Expires on..............: 2021-May-25.
68#######################################################################################################################################
69[+] Target : www.mkutup.gov.tr
70
71[+] IP Address : 176.117.96.21
72
73[+] Headers :
74
75[+] Cache-Control : private, max-age=0
76[+] Content-Type : text/html; charset=utf-8
77[+] Content-Encoding : gzip
78[+] Expires : Tue, 29 Oct 2019 14:32:41 GMT
79[+] Last-Modified : Wed, 13 Nov 2019 14:32:41 GMT
80[+] Vary : Accept-Encoding
81[+] Server : Microsoft-IIS/7.5
82[+] X-SharePointHealthScore : 0
83[+] X-AspNet-Version : 4.0.30319
84[+] SPRequestGuid : b175179f-3ee4-e08e-bb98-e638ecad2ba5
85[+] request-id : b175179f-3ee4-e08e-bb98-e638ecad2ba5
86[+] X-FRAME-OPTIONS : SAMEORIGIN
87[+] SPRequestDuration : 15
88[+] SPIisLatency : 0
89[+] X-Powered-By : ASP.NET
90[+] MicrosoftSharePointTeamServices : 15.0.0.4420
91[+] X-Content-Type-Options : nosniff
92[+] X-MS-InvokeApp : 1; RequireReadOnly
93[+] Date : Wed, 13 Nov 2019 14:32:41 GMT
94[+] Content-Length : 597
95
96[+] SSL Certificate Information :
97
98[-] SSL is not Present on Target URL...Skipping...
99
100[+] Whois Lookup :
101
102[+] NIR : None
103[+] ASN Registry : ripencc
104[+] ASN : 58151
105[+] ASN CIDR : 176.117.96.0/21
106[+] ASN Country Code : TR
107[+] ASN Date : 2012-05-15
108[+] ASN Description : MKUTUP-MAIN-AS Main Autonomous System Number, TR
109[+] cidr : 176.117.96.0/21
110[+] name : MKUTUP-IPV4-NET
111[+] handle : NLOT2002-RIPE
112[+] range : 176.117.96.0 - 176.117.103.255
113[+] description : IPv4 Address Block - 01
114[+] country : TR
115[+] state : None
116[+] city : None
117[+] address : Milli Kutuphane Baskanligi, Bahcelievler Son Durak
11806490
119Ankara
120TURKEY
121[+] postal_code : None
122[+] emails : None
123[+] created : 2012-05-15T11:36:06Z
124[+] updated : 2016-04-14T10:23:57Z
125
126[+] Crawling Target...
127
128[+] Looking for robots.txt........[ Not Found ]
129[+] Looking for sitemap.xml.......[ Not Found ]
130[+] Extracting CSS Links..........[ 0 ]
131[+] Extracting Javascript Links...[ 0 ]
132[+] Extracting Internal Links.....[ 0 ]
133[+] Extracting External Links.....[ 0 ]
134[+] Extracting Images.............[ 0 ]
135
136[+] Total Links Extracted : 0
137
138[+] Completed!
139#######################################################################################################################################
140[+] Starting At 2019-11-13 09:33:23.279712
141[+] Collecting Information On: http://www.mkutup.gov.tr/
142[#] Status: 200
143--------------------------------------------------
144[#] Web Server Detected: Microsoft-IIS/7.5
145[#] X-Powered-By: ASP.NET
146- Cache-Control: private, max-age=0
147- Content-Type: text/html; charset=utf-8
148- Content-Encoding: gzip
149- Expires: Tue, 29 Oct 2019 14:33:27 GMT
150- Last-Modified: Wed, 13 Nov 2019 14:33:27 GMT
151- Vary: Accept-Encoding
152- Server: Microsoft-IIS/7.5
153- X-SharePointHealthScore: 0
154- X-AspNet-Version: 4.0.30319
155- SPRequestGuid: bc75179f-7efd-e08e-bb98-e5f8de8faa88
156- request-id: bc75179f-7efd-e08e-bb98-e5f8de8faa88
157- X-FRAME-OPTIONS: SAMEORIGIN
158- SPRequestDuration: 14
159- SPIisLatency: 0
160- X-Powered-By: ASP.NET
161- MicrosoftSharePointTeamServices: 15.0.0.4420
162- X-Content-Type-Options: nosniff
163- X-MS-InvokeApp: 1; RequireReadOnly
164- Date: Wed, 13 Nov 2019 14:33:27 GMT
165- Content-Length: 627
166--------------------------------------------------
167[#] Finding Location..!
168[#] status: success
169[#] country: Turkey
170[#] countryCode: TR
171[#] region: 06
172[#] regionName: Ankara
173[#] city: Ankara
174[#] zip:
175[#] lat: 39.9163
176[#] lon: 32.8267
177[#] timezone: Europe/Istanbul
178[#] isp: National Library of Turkey
179[#] org: National Library of Turkey
180[#] as: AS58151 National Library of Turkey
181[#] query: 176.117.96.21
182--------------------------------------------------
183[+] Detected WAF Presence in web application: ASP.NET Generic Web Application Protection
184--------------------------------------------------
185[#] Starting Reverse DNS
186[-] Failed ! Fail
187--------------------------------------------------
188[!] Scanning Open Port
189[#] 80/tcp open http
190[#] 443/tcp open https
191--------------------------------------------------
192[+] Collecting Information Disclosure!
193[#] Detecting sitemap.xml file
194[-] sitemap.xml file not Found!?
195[#] Detecting robots.txt file
196[-] robots.txt file not Found!?
197[#] Detecting GNU Mailman
198[-] GNU Mailman App Not Detected!?
199--------------------------------------------------
200[+] Crawling Url Parameter On: http://www.mkutup.gov.tr/SitePages/default.aspx
201--------------------------------------------------
202[#] Searching Html Form !
203[+] Html Form Discovered
204[#] action: ./default.aspx
205[#] class: None
206[#] id: form1
207[#] method: post
208--------------------------------------------------
209[-] No DOM Paramter Found!?
210--------------------------------------------------
211[-] No internal Dynamic Parameter Found!?
212--------------------------------------------------
213[-] No external Dynamic Paramter Found!?
214--------------------------------------------------
215[!] 1 Internal links Discovered
216[+] http://www.mkutup.gov.tr///tr
217--------------------------------------------------
218[-] No External Link Found!?
219--------------------------------------------------
220[#] Mapping Subdomain..
221[!] Found 22 Subdomain
222- mkutup.gov.tr
223- ns1.mkutup.gov.tr
224- ns2.mkutup.gov.tr
225- turkiyebib.mkutup.gov.tr
226- dijital-kutuphane.mkutup.gov.tr
227- kasif.mkutup.gov.tr
228- e-derlemevg.mkutup.gov.tr
229- sureli.mkutup.gov.tr
230- uyelik.mkutup.gov.tr
231- konusankitaplik.mkutup.gov.tr
232- mail.mkutup.gov.tr
233- mksun.mkutup.gov.tr
234- euygulamalar.mkutup.gov.tr
235- bibliyografyalar.mkutup.gov.tr
236- tasplaklar.mkutup.gov.tr
237- ekaynaklar.mkutup.gov.tr
238- eyayinlar.mkutup.gov.tr
239- guzelsanatlar.mkutup.gov.tr
240- makaleler.mkutup.gov.tr
241- moonlight.mkutup.gov.tr
242- mailgw.mkutup.gov.tr
243- www.mkutup.gov.tr
244--------------------------------------------------
245[!] Done At 2019-11-13 09:37:51.198704
246#######################################################################################################################################
247[i] Scanning Site: http://www.mkutup.gov.tr
248
249
250
251B A S I C I N F O
252====================
253
254
255[+] Site Title:
256 Untitled 1
257
258[+] IP address: 176.117.96.21
259[+] Web Server: Microsoft-IIS/7.5
260[+] CMS: Could Not Detect
261[+] Cloudflare: Not Detected
262[+] Robots File: Could NOT Find robots.txt!
263
264
265
266
267W H O I S L O O K U P
268========================
269
270 ** Domain Name: mkutup.gov.tr
271
272** Registrant:
273 T. C. Kültür ve Turizm Bakanlığı Milli Kütüphane Başkanlığı
274 Milli Kütüphane Başkanlığı Bahçelievler Son Durak
275 06490
276 Ankara,
277 Türkiye
278 info@mkutup.gov.tr
279 + 90-312-2223812-
280 + 90-312-2230451
281
282
283** Administrative Contact:
284NIC Handle : mkb23-metu
285Organization Name : Milli Kütüphane Başkanlığı
286Address : Hidden upon user request
287Phone : Hidden upon user request
288Fax : Hidden upon user request
289
290
291** Technical Contact:
292NIC Handle : mkb23-metu
293Organization Name : Milli Kütüphane Başkanlığı
294Address : Hidden upon user request
295Phone : Hidden upon user request
296Fax : Hidden upon user request
297
298
299** Billing Contact:
300NIC Handle : mkb23-metu
301Organization Name : Milli Kütüphane Başkanlığı
302Address : Hidden upon user request
303Phone : Hidden upon user request
304Fax : Hidden upon user request
305
306
307** Domain Servers:
308ns1.mkutup.gov.tr 176.117.96.10 2001:67c:2988:c096::10
309ns2.mkutup.gov.tr 176.117.96.20 2001:67c:2988:c096::20
310
311** Additional Info:
312Created on..............: 1997-May-26.
313Expires on..............: 2021-May-25.
314
315
316
317
318G E O I P L O O K U P
319=========================
320
321[i] IP Address: 176.117.96.21
322[i] Country: Turkey
323[i] State:
324[i] City:
325[i] Latitude: 41.0214
326[i] Longitude: 28.9948
327
328
329
330
331H T T P H E A D E R S
332=======================
333
334
335[i] HTTP/1.1 302 Redirect
336[i] Content-Type: text/html; charset=UTF-8
337[i] Location: http://www.mkutup.gov.tr/SitePages/default.aspx
338[i] Server: Microsoft-IIS/7.5
339[i] X-SharePointHealthScore: 0
340[i] SPRequestGuid: da75179f-1e5c-e08e-bb98-e7b8ef158027
341[i] request-id: da75179f-1e5c-e08e-bb98-e7b8ef158027
342[i] X-FRAME-OPTIONS: SAMEORIGIN
343[i] SPRequestDuration: 6
344[i] SPIisLatency: 0
345[i] X-Powered-By: ASP.NET
346[i] MicrosoftSharePointTeamServices: 15.0.0.4420
347[i] X-Content-Type-Options: nosniff
348[i] X-MS-InvokeApp: 1; RequireReadOnly
349[i] Date: Wed, 13 Nov 2019 14:35:27 GMT
350[i] Connection: close
351[i] Content-Length: 170
352[i] HTTP/1.1 200 OK
353[i] Cache-Control: private, max-age=0
354[i] Content-Type: text/html; charset=utf-8
355[i] Expires: Tue, 29 Oct 2019 14:35:35 GMT
356[i] Last-Modified: Wed, 13 Nov 2019 14:35:35 GMT
357[i] Server: Microsoft-IIS/7.5
358[i] X-SharePointHealthScore: 0
359[i] X-AspNet-Version: 4.0.30319
360[i] SPRequestGuid: dc75179f-4e40-e08e-bb98-eaf207a0401c
361[i] request-id: dc75179f-4e40-e08e-bb98-eaf207a0401c
362[i] X-FRAME-OPTIONS: SAMEORIGIN
363[i] SPRequestDuration: 13
364[i] SPIisLatency: 0
365[i] X-Powered-By: ASP.NET
366[i] MicrosoftSharePointTeamServices: 15.0.0.4420
367[i] X-Content-Type-Options: nosniff
368[i] X-MS-InvokeApp: 1; RequireReadOnly
369[i] Date: Wed, 13 Nov 2019 14:35:34 GMT
370[i] Connection: close
371[i] Content-Length: 725
372
373
374
375
376D N S L O O K U P
377===================
378
379mkutup.gov.tr. 10799 IN SOA ns1.mkutup.gov.tr. bim.mkutup.gov.tr. 2016030103 3600 900 604800 10800
380mkutup.gov.tr. 10799 IN NS ns1.mkutup.gov.tr.
381mkutup.gov.tr. 10799 IN NS ns2.mkutup.gov.tr.
382mkutup.gov.tr. 10799 IN A 176.117.96.21
383mkutup.gov.tr. 10799 IN AAAA 2001:67c:2988:c096::21
384mkutup.gov.tr. 10799 IN MX 10 mailgw.mkutup.gov.tr.
385mkutup.gov.tr. 10799 IN TXT "v=spf1 ip4:176.117.96.0/24 -all"
386
387
388
389
390S U B N E T C A L C U L A T I O N
391====================================
392
393Address = 2001:67c:2988:c096::21
394Network = 2001:67c:2988:c096::21 / 128
395Netmask = ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
396Wildcard Mask = ::
397Hosts Bits = 0
398Max. Hosts = 0 (2^0 - 1)
399Host Range = { 2001:67c:2988:c096::22 - 2001:67c:2988:c096::21 }
400
401
402
403N M A P P O R T S C A N
404============================
405
406Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-13 14:35 UTC
407Nmap scan report for mkutup.gov.tr (176.117.96.21)
408Host is up (0.13s latency).
409Other addresses for mkutup.gov.tr (not scanned): 2001:67c:2988:c096::21
410
411PORT STATE SERVICE
41221/tcp filtered ftp
41322/tcp filtered ssh
41423/tcp filtered telnet
41580/tcp open http
416110/tcp filtered pop3
417143/tcp filtered imap
418443/tcp open https
4193389/tcp filtered ms-wbt-server
420
421Nmap done: 1 IP address (1 host up) scanned in 5.98 seconds
422
423
424
425S U B - D O M A I N F I N D E R
426==================================
427
428
429[i] Total Subdomains Found : 21
430
431[+] Subdomain: ns1.mkutup.gov.tr
432[-] IP: 176.117.96.10
433
434[+] Subdomain: ns2.mkutup.gov.tr
435[-] IP: 176.117.96.20
436
437[+] Subdomain: turkiyebib.mkutup.gov.tr
438[-] IP: 176.117.96.38
439
440[+] Subdomain: dijital-kutuphane.mkutup.gov.tr
441[-] IP: 176.117.96.80
442
443[+] Subdomain: kasif.mkutup.gov.tr
444[-] IP: 176.117.96.38
445
446[+] Subdomain: e-derlemevg.mkutup.gov.tr
447[-] IP: 176.117.96.47
448
449[+] Subdomain: sureli.mkutup.gov.tr
450[-] IP: 176.117.96.7
451
452[+] Subdomain: uyelik.mkutup.gov.tr
453[-] IP: 176.117.96.77
454
455[+] Subdomain: konusankitaplik.mkutup.gov.tr
456[-] IP: 176.117.96.40
457
458[+] Subdomain: mail.mkutup.gov.tr
459[-] IP: 176.117.96.34
460
461[+] Subdomain: mksun.mkutup.gov.tr
462[-] IP: 176.117.96.72
463
464[+] Subdomain: euygulamalar.mkutup.gov.tr
465[-] IP: 176.117.96.5
466
467[+] Subdomain: bibliyografyalar.mkutup.gov.tr
468[-] IP: 176.117.96.32
469
470[+] Subdomain: tasplaklar.mkutup.gov.tr
471[-] IP: 176.117.96.39
472
473[+] Subdomain: ekaynaklar.mkutup.gov.tr
474[-] IP: 176.117.96.223
475
476[+] Subdomain: eyayinlar.mkutup.gov.tr
477[-] IP: 176.117.96.4
478
479[+] Subdomain: guzelsanatlar.mkutup.gov.tr
480[-] IP: 176.117.96.13
481
482[+] Subdomain: makaleler.mkutup.gov.tr
483[-] IP: 176.117.96.24
484
485[+] Subdomain: moonlight.mkutup.gov.tr
486[-] IP: 176.117.96.71
487
488[+] Subdomain: mailgw.mkutup.gov.tr
489[-] IP: 176.117.96.35
490
491[+] Subdomain: www.mkutup.gov.tr
492[-] IP: 176.117.96.21
493#######################################################################################################################################
494[INFO] ------TARGET info------
495[*] TARGET: http://www.mkutup.gov.tr/SitePages/default.aspx
496[*] TARGET IP: 176.117.96.21
497[INFO] NO load balancer detected for www.mkutup.gov.tr...
498[*] DNS servers: ns1.mkutup.gov.tr.
499[*] TARGET server: Microsoft-IIS/7.5
500[*] CC: TR
501[*] Country: Turkey
502[*] RegionCode: 06
503[*] RegionName: Ankara
504[*] City: Ankara
505[*] ASN: AS58151
506[*] BGP_PREFIX: 176.117.96.0/21
507[*] ISP: MKUTUP-MAIN-AS National Library of Turkey, TR
508[INFO] DNS enumeration:
509[*] mail.mkutup.gov.tr 176.117.96.34
510[*] ns1.mkutup.gov.tr 176.117.96.10
511[*] ns2.mkutup.gov.tr 176.117.96.20
512[*] test.mkutup.gov.tr 176.117.96.48
513[INFO] Possible abuse mails are:
514[*] abuse@mkutup.gov.tr
515[*] abuse@www.mkutup.gov.tr
516[*] erdal@mkutup.gov.tr
517[INFO] NO PAC (Proxy Auto Configuration) file FOUND
518[INFO] Checking for HTTP status codes recursively from /SitePages/default.aspx
519[INFO] Status code Folders
520[*] 200 http://www.mkutup.gov.tr/SitePages/
521[INFO] Starting FUZZing in http://www.mkutup.gov.tr/FUzZzZzZzZz...
522[INFO] Status code Folders
523[ALERT] Look in the source code. It may contain passwords
524[INFO] SAME content in http://www.mkutup.gov.tr/ AND http://176.117.96.21/
525[INFO] Links found from http://www.mkutup.gov.tr/SitePages/default.aspx:
526cut: intervalle de champ incorrecte
527Saisissez « cut --help » pour plus d'informations.
528[INFO] Shodan detected the following opened ports on 176.117.96.21:
529[*] 443
530[*] 50
531[*] 80
532[INFO] ------VirusTotal SECTION------
533[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
534[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
535[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
536[INFO] ------Alexa Rank SECTION------
537[INFO] Percent of Visitors Rank in Country:
538[INFO] Percent of Search Traffic:
539[INFO] Percent of Unique Visits:
540[INFO] Total Sites Linking In:
541[*] Total Sites
542[INFO] Useful links related to www.mkutup.gov.tr - 176.117.96.21:
543[*] https://www.virustotal.com/pt/ip-address/176.117.96.21/information/
544[*] https://www.hybrid-analysis.com/search?host=176.117.96.21
545[*] https://www.shodan.io/host/176.117.96.21
546[*] https://www.senderbase.org/lookup/?search_string=176.117.96.21
547[*] https://www.alienvault.com/open-threat-exchange/ip/176.117.96.21
548[*] http://pastebin.com/search?q=176.117.96.21
549[*] http://urlquery.net/search.php?q=176.117.96.21
550[*] http://www.alexa.com/siteinfo/www.mkutup.gov.tr
551[*] http://www.google.com/safebrowsing/diagnostic?site=www.mkutup.gov.tr
552[*] https://censys.io/ipv4/176.117.96.21
553[*] https://www.abuseipdb.com/check/176.117.96.21
554[*] https://urlscan.io/search/#176.117.96.21
555[*] https://github.com/search?q=176.117.96.21&type=Code
556[INFO] Useful links related to AS58151 - 176.117.96.0/21:
557[*] http://www.google.com/safebrowsing/diagnostic?site=AS:58151
558[*] https://www.senderbase.org/lookup/?search_string=176.117.96.0/21
559[*] http://bgp.he.net/AS58151
560[*] https://stat.ripe.net/AS58151
561[INFO] Date: 13/11/19 | Time: 09:35:31
562[INFO] Total time: 2 minute(s) and 4 second(s)
563#######################################################################################################################################
564; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace mkutup.gov.tr
565;; global options: +cmd
566. 85002 IN NS c.root-servers.net.
567. 85002 IN NS j.root-servers.net.
568. 85002 IN NS m.root-servers.net.
569. 85002 IN NS l.root-servers.net.
570. 85002 IN NS g.root-servers.net.
571. 85002 IN NS i.root-servers.net.
572. 85002 IN NS h.root-servers.net.
573. 85002 IN NS f.root-servers.net.
574. 85002 IN NS k.root-servers.net.
575. 85002 IN NS b.root-servers.net.
576. 85002 IN NS d.root-servers.net.
577. 85002 IN NS a.root-servers.net.
578. 85002 IN NS e.root-servers.net.
579. 85002 IN RRSIG NS 8 0 518400 20191126050000 20191113040000 22545 . bmeCHziHqbY/OSbC6p8JXB+317Ef9N2OUQEwhmjI/0xAP5qiZmQOVsjq NMad9a3iklqmRRccVRou4BmCacQD1jbufkr7Jfg7ocFevHHGvwK0gSsb pFjc90dAL0oXnVuwwXujdTbFRhecbtKZT0TCSX57X2toW2KDiOlFU6RM 8fCDG6P5J4WUPpzZBqNMWP356hiOZ2O7VoYZ4nmkhv5TPtRVJ9X8IaMF GuEGhBpCDdNr2rhHqodiqJE1NG9GVBvNFem2TkQwrE8mLixwIsinr8lp x7EREXlFCu21XRK1f/z0r65KhrYODwz0ljECmR04rdQ9OghBOCGE6KaT EcLCKQ==
580;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 209 ms
581
582tr. 172800 IN NS ns21.nic.tr.
583tr. 172800 IN NS ns41.nic.tr.
584tr. 172800 IN NS ns42.nic.tr.
585tr. 172800 IN NS ns92.nic.tr.
586tr. 172800 IN NS ns22.nic.tr.
587tr. 172800 IN NS ns31.nic.tr.
588tr. 172800 IN NS ns91.nic.tr.
589tr. 86400 IN NSEC trade. NS RRSIG NSEC
590tr. 86400 IN RRSIG NSEC 8 1 86400 20191126050000 20191113040000 22545 . qCWXHdrtGx8D1GauO7+7nuOS1HSWTYxixKml5WqQANisSvIi3UIe4Opo v9LrxR3jzYPDTvK8goifRFUGeD14pXCEp/OrxOXuv1pYfskea8sRHbaa kheekZYzSDS3o0tciAvVpf+0lX4QIeiULo4wDk6oz5cSN3LJ22FUvn/Y YRSs9yWAfCmwqzm1OTpOpOcFu+oQ0aN8Ors8GAKkNFNJDbPfVfDNU/28 O1nU82iV+v8ax6JimqDh8EWnVM8hZOwH3l3XHGXNYTn7b+KMZw1LDINL zi2LfErQqp6McATOxRXc1VTt633gacA//kpy4IEySl+pkYINsJOtG6NU XDbhvQ==
591;; Received 745 bytes from 2001:500:12::d0d#53(g.root-servers.net) in 68 ms
592
593mkutup.gov.tr. 43200 IN NS ns1.mkutup.gov.tr.
594mkutup.gov.tr. 43200 IN NS ns2.mkutup.gov.tr.
595;; Received 166 bytes from 185.7.0.3#53(ns42.nic.tr) in 258 ms
596
597mkutup.gov.tr. 10800 IN A 176.117.96.21
598mkutup.gov.tr. 10800 IN NS ns1.mkutup.gov.tr.
599mkutup.gov.tr. 10800 IN NS ns2.mkutup.gov.tr.
600;; Received 182 bytes from 176.117.96.10#53(ns1.mkutup.gov.tr) in 337 ms
601#######################################################################################################################################
602[*] Performing General Enumeration of Domain: mkutup.gov.tr
603[-] DNSSEC is not configured for mkutup.gov.tr
604[*] SOA ns1.mkutup.gov.tr 176.117.96.10
605[*] NS ns1.mkutup.gov.tr 176.117.96.10
606[-] Recursion enabled on NS Server 176.117.96.10
607[*] Bind Version for 176.117.96.10 9.3.4-P1.1
608[*] NS ns1.mkutup.gov.tr 2001:67c:2988:c096::10
609[*] NS ns2.mkutup.gov.tr 176.117.96.20
610[-] Recursion enabled on NS Server 176.117.96.20
611[*] Bind Version for 176.117.96.20 9.3.4-P1.1
612[*] NS ns2.mkutup.gov.tr 2001:67c:2988:c096::20
613[*] MX mailgw.mkutup.gov.tr 176.117.96.35
614[*] MX mailgw.mkutup.gov.tr 2001:67c:2988:c096::35
615[*] A mkutup.gov.tr 176.117.96.21
616[*] AAAA mkutup.gov.tr 2001:67c:2988:c096::21
617[*] TXT mkutup.gov.tr v=spf1 ip4:176.117.96.0/24 -all
618[*] Enumerating SRV Records
619[-] No SRV Records Found for mkutup.gov.tr
620[+] 0 Records Found
621#######################################################################################################################################
622[*] Processing domain mkutup.gov.tr
623[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
624[+] Getting nameservers
625176.117.96.10 - ns1.mkutup.gov.tr
626176.117.96.20 - ns2.mkutup.gov.tr
627[-] Zone transfer failed
628
629[+] IPv6 (AAAA) records found. Try running dnscan with the -6 option.
6302001:67c:2988:c096::21
631
632[+] TXT records found
633"v=spf1 ip4:176.117.96.0/24 -all"
634
635[+] MX records found, added to target list
63610 mailgw.mkutup.gov.tr.
637
638[*] Scanning mkutup.gov.tr for A records
639176.117.96.21 - mkutup.gov.tr
640176.117.96.35 - mailgw.mkutup.gov.tr
641176.117.96.34 - mail.mkutup.gov.tr
642176.117.96.10 - ns1.mkutup.gov.tr
643176.117.96.20 - ns2.mkutup.gov.tr
644176.117.96.48 - test.mkutup.gov.tr
645176.117.96.21 - www.mkutup.gov.tr
646#######################################################################################################################################
647
648 AVAILABLE PLUGINS
649 -----------------
650
651 CompressionPlugin
652 HeartbleedPlugin
653 CertificateInfoPlugin
654 OpenSslCipherSuitesPlugin
655 RobotPlugin
656 HttpHeadersPlugin
657 EarlyDataPlugin
658 FallbackScsvPlugin
659 OpenSslCcsInjectionPlugin
660 SessionRenegotiationPlugin
661 SessionResumptionPlugin
662
663
664
665 CHECKING HOST(S) AVAILABILITY
666 -----------------------------
667
668 176.117.96.21:443 => 176.117.96.21
669
670
671
672
673 SCAN RESULTS FOR 176.117.96.21:443 - 176.117.96.21
674 --------------------------------------------------
675
676 * Deflate Compression:
677 OK - Compression disabled
678
679 * TLSV1_3 Cipher Suites:
680 Server rejected all cipher suites.
681
682 * Session Renegotiation:
683 Client-initiated Renegotiation: OK - Rejected
684 Secure Renegotiation: OK - Supported
685
686 * Downgrade Attacks:
687 TLS_FALLBACK_SCSV: VULNERABLE - Signaling cipher suite not supported
688
689 * OpenSSL Heartbleed:
690 OK - Not vulnerable to Heartbleed
691
692 * SSLV2 Cipher Suites:
693 Forward Secrecy INSECURE - Not Supported
694 RC4 INSECURE - Supported
695
696 Preferred:
697 None - Server followed client cipher suite preference.
698 Accepted:
699 SSL_CK_RC4_128_WITH_MD5 128 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
700 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 112 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
701
702 * Certificate Information:
703 Content
704 SHA1 Fingerprint: d26aa9437b5041d9de41b4ef4f2db771372853ba
705 Common Name: *.mkutup.gov.tr
706 Issuer: Sectigo RSA Domain Validation Secure Server CA
707 Serial Number: 151274174289570251693252937781274252370
708 Not Before: 2019-04-30 00:00:00
709 Not After: 2021-05-02 23:59:59
710 Signature Algorithm: sha256
711 Public Key Algorithm: RSA
712 Key Size: 2048
713 Exponent: 65537 (0x10001)
714 DNS Subject Alternative Names: ['*.mkutup.gov.tr', 'mkutup.gov.tr']
715
716 Trust
717 Hostname Validation: FAILED - Certificate does NOT match 176.117.96.21
718 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: ok
719 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: ok
720 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: ok
721 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: ok
722 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: ok
723 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
724 Received Chain: *.mkutup.gov.tr --> Sectigo RSA Domain Validation Secure Server CA --> USERTrust RSA Certification Authority
725 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
726 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
727 Received Chain Order: OK - Order is valid
728 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
729
730 Extensions
731 OCSP Must-Staple: NOT SUPPORTED - Extension not found
732 Certificate Transparency: OK - 3 SCTs included
733
734 OCSP Stapling
735 OCSP Response Status: successful
736 Validation w/ Mozilla Store: FAILED - Response is NOT trusted
737 Responder Id: 8D8C5EC454AD8AE177E99BF99B05E1B8018D61E1
738 Cert Status: good
739 Cert Serial Number: 71CE58A110EC30DE0A6B991DB5B49452
740 This Update: Nov 11 17:19:32 2019 GMT
741 Next Update: Nov 15 17:19:32 2019 GMT
742
743 * TLSV1_1 Cipher Suites:
744 Server rejected all cipher suites.
745
746 * TLSV1_2 Cipher Suites:
747 Server rejected all cipher suites.
748
749 * ROBOT Attack:
750 OK - Not vulnerable
751
752 * TLSV1 Cipher Suites:
753 Forward Secrecy OK - Supported
754 RC4 INSECURE - Supported
755
756 Preferred:
757 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
758 Accepted:
759 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
760 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
761 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
762 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
763 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
764 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
765 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
766 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
767 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
768
769 * OpenSSL CCS Injection:
770 OK - Not vulnerable to OpenSSL CCS injection
771
772 * SSLV3 Cipher Suites:
773 Forward Secrecy INSECURE - Not Supported
774 RC4 INSECURE - Supported
775
776 Preferred:
777 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
778 Accepted:
779 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
780 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
781 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 302 Redirect - https://176.117.96.21/SitePages/default.aspx
782
783 * TLS 1.2 Session Resumption Support:
784 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
785 With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.
786
787
788 SCAN COMPLETED IN 41.60 S
789 -------------------------
790#######################################################################################################################################
791
792Domains still to check: 1
793 Checking if the hostname mkutup.gov.tr. given is in fact a domain...
794
795Analyzing domain: mkutup.gov.tr.
796 Checking NameServers using system default resolver...
797 IP: 176.117.96.10 (Turkey)
798 HostName: ns1.mkutup.gov.tr Type: NS
799 HostName: ns1.mkutup.gov.tr Type: PTR
800 IP: 176.117.96.20 (Turkey)
801 HostName: ns2.mkutup.gov.tr Type: NS
802 HostName: ns2.mkutup.gov.tr Type: PTR
803
804 Checking MailServers using system default resolver...
805 IP: 176.117.96.35 (Turkey)
806 HostName: mailgw.mkutup.gov.tr Type: MX
807 HostName: mailgw.mkutup.gov.tr Type: PTR
808
809 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
810 No zone transfer found on nameserver 176.117.96.10
811 No zone transfer found on nameserver 176.117.96.20
812
813 Checking SPF record...
814 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 176.117.96.0/24, but only the network IP
815 New IP found: 176.117.96.0
816
817 Checking 192 most common hostnames using system default resolver...
818 IP: 176.117.96.21 (Turkey)
819 HostName: www.mkutup.gov.tr. Type: A
820 IP: 176.117.96.34 (Turkey)
821 HostName: mail.mkutup.gov.tr. Type: A
822 IP: 176.117.96.48 (Turkey)
823 HostName: test.mkutup.gov.tr. Type: A
824 IP: 176.117.96.10 (Turkey)
825 HostName: ns1.mkutup.gov.tr Type: NS
826 HostName: ns1.mkutup.gov.tr Type: PTR
827 HostName: ns1.mkutup.gov.tr. Type: A
828 IP: 176.117.96.20 (Turkey)
829 HostName: ns2.mkutup.gov.tr Type: NS
830 HostName: ns2.mkutup.gov.tr Type: PTR
831 HostName: ns2.mkutup.gov.tr. Type: A
832
833 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
834 Checking netblock 176.117.96.0
835
836 Searching for mkutup.gov.tr. emails in Google
837 tuncel@mkutup.gov.tr.
838 info@mkutup.gov.tr.
839 erdal@mkutup.gov.tr'
840 bilgi@mkutup.gov.tr:
841 nfo@mkutup.gov.tr.
842 bilgi@mkutup.gov.tr.
843
844 Checking 7 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
845 Host 176.117.96.10 is up (reset ttl 64)
846 Host 176.117.96.21 is up (reset ttl 64)
847 Host 176.117.96.20 is up (reset ttl 64)
848 Host 176.117.96.34 is up (reset ttl 64)
849 Host 176.117.96.35 is up (reset ttl 64)
850 Host 176.117.96.0 is up (reset ttl 64)
851 Host 176.117.96.48 is up (reset ttl 64)
852
853 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
854 Scanning ip 176.117.96.10 (ns1.mkutup.gov.tr.):
855 53/tcp open domain syn-ack ttl 48 ISC BIND 9.3.4-P1.1
856 | dns-nsid:
857 |_ bind.version: 9.3.4-P1.1
858 Scanning ip 176.117.96.21 (www.mkutup.gov.tr.):
859 80/tcp open http syn-ack ttl 114 Microsoft IIS httpd 7.5
860 | http-methods:
861 |_ Supported Methods: GET HEAD POST OPTIONS
862 |_http-server-header: Microsoft-IIS/7.5
863 | http-title: Untitled 1
864 |_Requested resource was http://176.117.96.21/SitePages/default.aspx
865 443/tcp open ssl/https? syn-ack ttl 112
866 |_ssl-date: 2019-11-13T14:59:22+00:00; -2s from scanner time.
867 | sslv2:
868 | SSLv2 supported
869 | ciphers:
870 | SSL2_RC4_128_WITH_MD5
871 |_ SSL2_DES_192_EDE3_CBC_WITH_MD5
872 Device type: general purpose|WAP
873 Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows Vista|7|2008 (85%)
874 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
875 |_clock-skew: -2s
876 Scanning ip 176.117.96.20 (ns2.mkutup.gov.tr.):
877 53/tcp open domain syn-ack ttl 49 ISC BIND 9.3.4-P1.1
878 | dns-nsid:
879 |_ bind.version: 9.3.4-P1.1
880 Device type: WAP|broadband router|general purpose|remote management
881 Running (JUST GUESSING): Linux 2.4.X|2.6.X (93%), Asus embedded (91%), Avocent embedded (89%), Cisco AireOS (89%), Cisco embedded (89%), Dell embedded (89%)
882 Scanning ip 176.117.96.34 (mail.mkutup.gov.tr.):
883 80/tcp open http syn-ack ttl 113 Microsoft IIS httpd 7.5
884 | http-methods:
885 |_ Supported Methods: GET HEAD POST OPTIONS
886 |_http-server-header: Microsoft-IIS/7.5
887 |_http-title: Did not follow redirect to https://mail.mkutup.gov.tr/owa/
888 143/tcp open imap syn-ack ttl 112 Microsoft Exchange 2007-2010 imapd
889 |_imap-capabilities: CHILDREN LOGINDISABLED IMAP4 completed CAPABILITY LITERAL+A0001 OK NAMESPACE IMAP4rev1 IDLE UIDPLUS
890 443/tcp open ssl/https? syn-ack ttl 114
891 |_ssl-date: 2019-11-13T15:02:55+00:00; -2s from scanner time.
892 | sslv2:
893 | SSLv2 supported
894 | ciphers:
895 | SSL2_RC4_128_WITH_MD5
896 |_ SSL2_DES_192_EDE3_CBC_WITH_MD5
897 587/tcp open smtp syn-ack ttl 113 Microsoft Exchange smtpd
898 | smtp-commands: EXCCAS01.mkutup.gov.tr Hello [160.116.0.22], SIZE 10485760, PIPELINING, DSN, ENHANCEDSTATUSCODES, AUTH GSSAPI NTLM, 8BITMIME, BINARYMIME, CHUNKING,
899 |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT
900 | smtp-ntlm-info:
901 | Target_Name: MKUTUP
902 | NetBIOS_Domain_Name: MKUTUP
903 | NetBIOS_Computer_Name: EXCCAS01
904 | DNS_Domain_Name: mkutup.gov.tr
905 | DNS_Computer_Name: EXCCAS01.mkutup.gov.tr
906 | DNS_Tree_Name: mkutup.gov.tr
907 |_ Product_Version: 6.1.7601
908 OS Info: Service Info: Host: EXCCAS01.mkutup.gov.tr; OS: Windows; CPE: cpe:/o:microsoft:windows
909 |_clock-skew: mean: -2s, deviation: 0s, median: -2s
910 Scanning ip 176.117.96.35 (mailgw.mkutup.gov.tr (PTR)):
911 Scanning ip 176.117.96.0 ():
912 Scanning ip 176.117.96.48 (test.mkutup.gov.tr.):
913 80/tcp open http syn-ack ttl 112 Microsoft IIS httpd 7.5
914 |_http-favicon: Unknown favicon MD5: 8BC1F8FE14A6A90234F7CE92F64EC972
915 | http-methods:
916 | Supported Methods: OPTIONS TRACE GET HEAD POST
917 |_ Potentially risky methods: TRACE
918 |_http-server-header: Microsoft-IIS/7.5
919 |_http-title: Milli Kütüphane | National Library of Turkey
920 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
921 WebCrawling domain's web servers... up to 50 max links.
922
923 + URL to crawl: http://www.mkutup.gov.tr.
924 + Date: 2019-11-13
925
926 + Crawling URL: http://www.mkutup.gov.tr.:
927 + Links:
928 + Crawling http://www.mkutup.gov.tr. (400 Bad Request)
929 + Searching for directories...
930 + Searching open folders...
931
932
933 + URL to crawl: http://mail.mkutup.gov.tr.
934 + Date: 2019-11-13
935
936 + Crawling URL: http://mail.mkutup.gov.tr.:
937 + Links:
938 + Crawling http://mail.mkutup.gov.tr. (400 Bad Request)
939 + Searching for directories...
940 + Searching open folders...
941
942
943 + URL to crawl: http://test.mkutup.gov.tr.
944 + Date: 2019-11-13
945
946 + Crawling URL: http://test.mkutup.gov.tr.:
947 + Links:
948 + Crawling http://test.mkutup.gov.tr. (400 Bad Request)
949 + Searching for directories...
950 + Searching open folders...
951
952--Finished--
953Summary information for domain mkutup.gov.tr.
954-----------------------------------------
955 Domain Specific Information:
956 Email: tuncel@mkutup.gov.tr.
957 Email: info@mkutup.gov.tr.
958 Email: erdal@mkutup.gov.tr'
959 Email: bilgi@mkutup.gov.tr:
960 Email: nfo@mkutup.gov.tr.
961 Email: bilgi@mkutup.gov.tr.
962
963 Domain Ips Information:
964 IP: 176.117.96.10
965 HostName: ns1.mkutup.gov.tr Type: NS
966 HostName: ns1.mkutup.gov.tr Type: PTR
967 HostName: ns1.mkutup.gov.tr. Type: A
968 Country: Turkey
969 Is Active: True (reset ttl 64)
970 Port: 53/tcp open domain syn-ack ttl 48 ISC BIND 9.3.4-P1.1
971 Script Info: | dns-nsid:
972 Script Info: |_ bind.version: 9.3.4-P1.1
973 IP: 176.117.96.21
974 HostName: www.mkutup.gov.tr. Type: A
975 Country: Turkey
976 Is Active: True (reset ttl 64)
977 Port: 80/tcp open http syn-ack ttl 114 Microsoft IIS httpd 7.5
978 Script Info: | http-methods:
979 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
980 Script Info: |_http-server-header: Microsoft-IIS/7.5
981 Script Info: | http-title: Untitled 1
982 Script Info: |_Requested resource was http://176.117.96.21/SitePages/default.aspx
983 Port: 443/tcp open ssl/https? syn-ack ttl 112
984 Script Info: |_ssl-date: 2019-11-13T14:59:22+00:00; -2s from scanner time.
985 Script Info: | sslv2:
986 Script Info: | SSLv2 supported
987 Script Info: | ciphers:
988 Script Info: | SSL2_RC4_128_WITH_MD5
989 Script Info: |_ SSL2_DES_192_EDE3_CBC_WITH_MD5
990 Script Info: Device type: general purpose|WAP
991 Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows Vista|7|2008 (85%)
992 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
993 Script Info: |_clock-skew: -2s
994 IP: 176.117.96.20
995 HostName: ns2.mkutup.gov.tr Type: NS
996 HostName: ns2.mkutup.gov.tr Type: PTR
997 HostName: ns2.mkutup.gov.tr. Type: A
998 Country: Turkey
999 Is Active: True (reset ttl 64)
1000 Port: 53/tcp open domain syn-ack ttl 49 ISC BIND 9.3.4-P1.1
1001 Script Info: | dns-nsid:
1002 Script Info: |_ bind.version: 9.3.4-P1.1
1003 Script Info: Device type: WAP|broadband router|general purpose|remote management
1004 Script Info: Running (JUST GUESSING): Linux 2.4.X|2.6.X (93%), Asus embedded (91%), Avocent embedded (89%), Cisco AireOS (89%), Cisco embedded (89%), Dell embedded (89%)
1005 IP: 176.117.96.34
1006 HostName: mail.mkutup.gov.tr. Type: A
1007 Country: Turkey
1008 Is Active: True (reset ttl 64)
1009 Port: 80/tcp open http syn-ack ttl 113 Microsoft IIS httpd 7.5
1010 Script Info: | http-methods:
1011 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1012 Script Info: |_http-server-header: Microsoft-IIS/7.5
1013 Script Info: |_http-title: Did not follow redirect to https://mail.mkutup.gov.tr/owa/
1014 Port: 143/tcp open imap syn-ack ttl 112 Microsoft Exchange 2007-2010 imapd
1015 Script Info: |_imap-capabilities: CHILDREN LOGINDISABLED IMAP4 completed CAPABILITY LITERAL+A0001 OK NAMESPACE IMAP4rev1 IDLE UIDPLUS
1016 Port: 443/tcp open ssl/https? syn-ack ttl 114
1017 Script Info: |_ssl-date: 2019-11-13T15:02:55+00:00; -2s from scanner time.
1018 Script Info: | sslv2:
1019 Script Info: | SSLv2 supported
1020 Script Info: | ciphers:
1021 Script Info: | SSL2_RC4_128_WITH_MD5
1022 Script Info: |_ SSL2_DES_192_EDE3_CBC_WITH_MD5
1023 Port: 587/tcp open smtp syn-ack ttl 113 Microsoft Exchange smtpd
1024 Script Info: | smtp-commands: EXCCAS01.mkutup.gov.tr Hello [160.116.0.22], SIZE 10485760, PIPELINING, DSN, ENHANCEDSTATUSCODES, AUTH GSSAPI NTLM, 8BITMIME, BINARYMIME, CHUNKING,
1025 Script Info: |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT
1026 Script Info: | smtp-ntlm-info:
1027 Script Info: | Target_Name: MKUTUP
1028 Script Info: | NetBIOS_Domain_Name: MKUTUP
1029 Script Info: | NetBIOS_Computer_Name: EXCCAS01
1030 Script Info: | DNS_Domain_Name: mkutup.gov.tr
1031 Script Info: | DNS_Computer_Name: EXCCAS01.mkutup.gov.tr
1032 Script Info: | DNS_Tree_Name: mkutup.gov.tr
1033 Script Info: |_ Product_Version: 6.1.7601
1034 Os Info: Host: EXCCAS01.mkutup.gov.tr; OS: Windows; CPE: cpe:/o:microsoft:windows
1035 Script Info: |_clock-skew: mean: -2s, deviation: 0s, median: -2s
1036 IP: 176.117.96.35
1037 HostName: mailgw.mkutup.gov.tr Type: MX
1038 HostName: mailgw.mkutup.gov.tr Type: PTR
1039 Country: Turkey
1040 Is Active: True (reset ttl 64)
1041 IP: 176.117.96.0
1042 Type: SPF
1043 Is Active: True (reset ttl 64)
1044 IP: 176.117.96.48
1045 HostName: test.mkutup.gov.tr. Type: A
1046 Country: Turkey
1047 Is Active: True (reset ttl 64)
1048 Port: 80/tcp open http syn-ack ttl 112 Microsoft IIS httpd 7.5
1049 Script Info: |_http-favicon: Unknown favicon MD5: 8BC1F8FE14A6A90234F7CE92F64EC972
1050 Script Info: | http-methods:
1051 Script Info: | Supported Methods: OPTIONS TRACE GET HEAD POST
1052 Script Info: |_ Potentially risky methods: TRACE
1053 Script Info: |_http-server-header: Microsoft-IIS/7.5
1054 Script Info: |_http-title: Milli Kütüphane | National Library of Turkey
1055 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1056#######################################################################################################################################
1057Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-13 12:53 EST
1058Nmap scan report for 176.117.96.21
1059Host is up (0.20s latency).
1060Not shown: 995 filtered ports, 3 closed ports
1061Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1062PORT STATE SERVICE
106380/tcp open http
1064443/tcp open https
1065
1066Nmap done: 1 IP address (1 host up) scanned in 14.22 seconds
1067#######################################################################################################################################
1068Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-13 12:54 EST
1069Nmap scan report for 176.117.96.21
1070Host is up (0.14s latency).
1071Not shown: 2 filtered ports
1072PORT STATE SERVICE
107353/udp open|filtered domain
107467/udp open|filtered dhcps
107568/udp open|filtered dhcpc
107669/udp open|filtered tftp
107788/udp open|filtered kerberos-sec
1078123/udp open|filtered ntp
1079139/udp open|filtered netbios-ssn
1080161/udp open|filtered snmp
1081162/udp open|filtered snmptrap
1082389/udp open|filtered ldap
1083500/udp open|filtered isakmp
1084520/udp open|filtered route
10852049/udp open|filtered nfs
1086
1087Nmap done: 1 IP address (1 host up) scanned in 3.38 seconds
1088#######################################################################################################################################
1089HTTP/1.1 302 Redirect
1090Content-Length: 166
1091Content-Type: text/html; charset=UTF-8
1092Location: http://176.117.96.21/SitePages/default.aspx
1093Server: Microsoft-IIS/7.5
1094X-SharePointHealthScore: 0
1095SPRequestGuid: 3781179f-fea9-e08e-bb98-ef084a6e15ef
1096request-id: 3781179f-fea9-e08e-bb98-ef084a6e15ef
1097X-FRAME-OPTIONS: SAMEORIGIN
1098SPRequestDuration: 6
1099SPIisLatency: 0
1100X-Powered-By: ASP.NET
1101MicrosoftSharePointTeamServices: 15.0.0.4420
1102X-Content-Type-Options: nosniff
1103X-MS-InvokeApp: 1; RequireReadOnly
1104Date: Wed, 13 Nov 2019 17:54:03 GMT
1105#######################################################################################################################################
1106http://176.117.96.21 [302 Found] Country[TURKEY][TR], HTTPServer[Microsoft-IIS/7.5], IP[176.117.96.21], Microsoft-IIS[7.5], Microsoft-Sharepoint[15.0.0.4420], RedirectLocation[http://176.117.96.21/SitePages/default.aspx], Title[Document Moved], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN], X-Powered-By[ASP.NET]
1107http://176.117.96.21/SitePages/default.aspx [200 OK] ASP_NET[4.0.30319], Country[TURKEY][TR], HTTPServer[Microsoft-IIS/7.5], IP[176.117.96.21], Microsoft-IIS[7.5], Microsoft-Sharepoint[15.0.0.4420], Script[text/javascript], Title[Untitled 1][Title element contains newline(s)!], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN], X-Powered-By[ASP.NET], X-UA-Compatible[IE=10]
1108#######################################################################################################################################
1109
1110wig - WebApp Information Gatherer
1111
1112
1113Scanning http://176.117.96.21...
1114_____________________________________ SITE INFO _____________________________________
1115IP Title
1116176.117.96.21 Untitled 1
1117
1118______________________________________ VERSION ______________________________________
1119Name Versions Type
1120SharePoint 15.0.0.4420 CMS
1121ASP.NET 4.0.30319 Platform
1122IIS 7.5 Platform
1123Microsoft Windows Server 2008 R2 OS
1124
1125____________________________________ INTERESTING ____________________________________
1126URL Note Type
1127/_layouts/create.aspx Sharepoint Create Page Interesting
1128
1129_______________________________________ TOOLS _______________________________________
1130Name Link Software
1131sparty https://github.com/alias1/sparty SharePoint
1132spscan https://github.com/toddsiegel/spscan SharePoint
1133Sharepoint URL Brute http://www.bishopfox.com/download/414/ SharePoint
1134
1135_____________________________________________________________________________________
1136Time: 1.3 sec Urls: 158 Fingerprints: 40401
1137#######################################################################################################################################
1138Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-13 12:54 EST
1139NSE: Loaded 163 scripts for scanning.
1140NSE: Script Pre-scanning.
1141Initiating NSE at 12:54
1142Completed NSE at 12:54, 0.00s elapsed
1143Initiating NSE at 12:54
1144Completed NSE at 12:54, 0.00s elapsed
1145Initiating Parallel DNS resolution of 1 host. at 12:54
1146Completed Parallel DNS resolution of 1 host. at 12:54, 0.02s elapsed
1147Initiating SYN Stealth Scan at 12:54
1148Scanning 176.117.96.21 [1 port]
1149Discovered open port 80/tcp on 176.117.96.21
1150Completed SYN Stealth Scan at 12:54, 0.26s elapsed (1 total ports)
1151Initiating Service scan at 12:54
1152Scanning 1 service on 176.117.96.21
1153Completed Service scan at 12:54, 6.45s elapsed (1 service on 1 host)
1154Initiating OS detection (try #1) against 176.117.96.21
1155Retrying OS detection (try #2) against 176.117.96.21
1156Initiating Traceroute at 12:54
1157Completed Traceroute at 12:54, 3.38s elapsed
1158Initiating Parallel DNS resolution of 10 hosts. at 12:54
1159Completed Parallel DNS resolution of 10 hosts. at 12:54, 0.25s elapsed
1160NSE: Script scanning 176.117.96.21.
1161Initiating NSE at 12:54
1162Completed NSE at 12:56, 112.72s elapsed
1163Initiating NSE at 12:56
1164Completed NSE at 12:56, 0.90s elapsed
1165Nmap scan report for 176.117.96.21
1166Host is up (0.22s latency).
1167
1168PORT STATE SERVICE VERSION
116980/tcp open http Microsoft IIS httpd 7.5
1170| http-aspnet-debug:
1171|_ status: DEBUG is enabled
1172| http-brute:
1173|_ Path "/" does not require authentication
1174|_http-chrono: Request times for /SitePages/default.aspx; avg: 546.13ms; min: 506.86ms; max: 581.60ms
1175|_http-config-backup: ERROR: Script execution failed (use -d to debug)
1176| http-csrf:
1177| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=176.117.96.21
1178| Found the following possible CSRF vulnerabilities:
1179|
1180| Path: http://176.117.96.21:80/SitePages/default.aspx
1181| Form id: form1
1182| Form action: ./default.aspx
1183|
1184| Path: http://176.117.96.21:80/SitePages/default.aspx
1185| Form id: form1
1186|_ Form action: ./default.aspx
1187|_http-date: Wed, 13 Nov 2019 17:54:36 GMT; -2s from local time.
1188|_http-devframework: ASP.NET detected. Found related header.
1189|_http-dombased-xss: Couldn't find any DOM based XSS.
1190|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1191|_http-errors: Couldn't find any error pages.
1192|_http-feed: Couldn't find any feeds.
1193|_http-fetch: Please enter the complete path of the directory to save data in.
1194| http-headers:
1195| Cache-Control: private, max-age=0
1196| Content-Length: 800
1197| Content-Type: text/html; charset=utf-8
1198| Expires: Tue, 29 Oct 2019 17:54:41 GMT
1199| Last-Modified: Wed, 13 Nov 2019 17:54:41 GMT
1200| Server: Microsoft-IIS/7.5
1201| X-SharePointHealthScore: 0
1202| X-AspNet-Version: 4.0.30319
1203| SPRequestGuid: 4081179f-4ebf-e08e-bb98-ed3e7a0f58ab
1204| request-id: 4081179f-4ebf-e08e-bb98-ed3e7a0f58ab
1205| X-FRAME-OPTIONS: SAMEORIGIN
1206| SPRequestDuration: 15
1207| SPIisLatency: 1
1208| X-Powered-By: ASP.NET
1209| MicrosoftSharePointTeamServices: 15.0.0.4420
1210| X-Content-Type-Options: nosniff
1211| X-MS-InvokeApp: 1; RequireReadOnly
1212| Date: Wed, 13 Nov 2019 17:54:40 GMT
1213| Connection: close
1214|
1215|_ (Request type: HEAD)
1216|_http-iis-webdav-vuln: Could not determine vulnerability, since root folder is password protected
1217|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1218| http-methods:
1219|_ Supported Methods: GET HEAD POST OPTIONS
1220|_http-mobileversion-checker: No mobile version detected.
1221| http-php-version: Logo query returned unknown hash f2fd6922cf86e399546d37ed322c6198
1222|_Credits query returned unknown hash 2f2a846b43a2c432554eb55857ffb270
1223| http-security-headers:
1224| X_Frame_Options:
1225| Header: X-Frame-Options: SAMEORIGIN
1226| Description: The browser must not display this content in any frame from a page of different origin than the content itself.
1227| X_Content_Type_Options:
1228| Header: X-Content-Type-Options: nosniff
1229| Description: Will prevent the browser from MIME-sniffing a response away from the declared content-type.
1230| Cache_Control:
1231| Header: Cache-Control: private, max-age=0
1232| Expires:
1233|_ Header: Expires: Tue, 29 Oct 2019 17:54:43 GMT
1234|_http-server-header: Microsoft-IIS/7.5
1235| http-sitemap-generator:
1236| Directory structure:
1237| /SitePages/
1238| aspx: 1
1239| Longest directory structure:
1240| Depth: 1
1241| Dir: /SitePages/
1242| Total files found (by extension):
1243|_ aspx: 1
1244|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1245| http-title: Untitled 1
1246|_Requested resource was http://176.117.96.21/SitePages/default.aspx
1247|_http-userdir-enum: Potential Users: root, admin, administrator, webadmin, sysadmin, netadmin, guest, user, web, test
1248| http-vhosts:
1249| 117 names had status 302
1250| vm
1251| f5
1252| mx
1253| ns
1254| en
1255| ap
1256| db
1257| gw
1258| id
1259|_s3
1260| http-waf-detect: IDS/IPS/WAF detected:
1261|_176.117.96.21:80/?p4yl04d3=<script>alert(document.cookie)</script>
1262|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
1263|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1264|_http-xssed: No previously reported XSS vuln.
1265| vulscan: VulDB - https://vuldb.com:
1266| [68404] Microsoft IIS 7.5 Error Message mypage cross site scripting
1267| [6924] Microsoft IIS 7.5 Log File Permission information disclosure
1268| [5623] Microsoft IIS up to 7.5 File Name Tilde privilege escalation
1269| [4234] Microsoft IIS 7.5 FTP Server Telnet IAC Character Heap-based denial of service
1270| [4179] Microsoft IIS 7.5 FastCGI Request Header memory corruption
1271| [98097] Microsoft IIS 7.0/7.5/8.0/8.5/10 /uncpath/ cross site scripting
1272| [6925] Microsoft IIS 7.0/7.5 FTP Command information disclosure
1273| [4484] Microsoft Windows Phone 7.5 SMS Service denial of service
1274|
1275| MITRE CVE - https://cve.mitre.org:
1276| [CVE-2012-2532] Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."
1277| [CVE-2012-2531] Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
1278| [CVE-2010-3972] Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
1279| [CVE-2010-2730] Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."
1280| [CVE-2010-1899] Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
1281| [CVE-2010-1256] Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."
1282| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
1283| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
1284| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
1285| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
1286| [CVE-2009-2521] Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."
1287| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
1288| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
1289| [CVE-2008-0074] Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
1290| [CVE-2007-2931] Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
1291| [CVE-2007-1278] Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.
1292| [CVE-2006-5858] Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.
1293| [CVE-2006-5028] Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action.
1294| [CVE-2006-0363] The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort. Perhaps this issue should not be included in CVE.
1295|
1296| SecurityFocus - https://www.securityfocus.com/bid/:
1297| [55569] Microsoft Windows Phone 7 SSL Certificate 'Common Name' Validation Security Bypass Vulnerability
1298| [28820] Microsoft Works 7 'WkImgSrv.dll' ActiveX Control Remote Code Execution Vulnerability
1299| [28498] Microsoft Internet Explorer 7 Popup Window Address Bar URI Spoofing Vulnerability
1300| [24483] Microsoft Internet Explorer 7 HTTP Authentication International Domain Name Spoofing Weakness
1301| [20728] Microsoft Internet Explorer 7 Popup Window Address Bar Spoofing Weakness
1302| [18736] Microsoft Internet Explorer 7 Denial of Service Vulnerability
1303| [5877] Microsoft SQL Server 7.0/2000 DBCC Buffer Overflow Vulnerability
1304| [4108] Microsoft Visual C++ 7/Visual C++.Net Buffer Overflow Protection Weakness
1305| [1714] Microsoft Windows Media Player 7 Embedded OCX Control Vulnerability
1306| [1444] Microsoft SQL Server 7.0 Stored Procedure Vulnerability
1307| [1281] Microsoft SQL Server 7.0 System Administrator Password Disclosure Vulnerability
1308| [817] Microsoft SQL Server 7.0 NULL Data DoS Vulnerability
1309| [90065] Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0174 Local Privilege Escalation Vulnerability
1310| [86059] Microsoft IIS CVE-1999-0561 Remote Security Vulnerability
1311| [56440] Microsoft IIS FTP Service CVE-2012-2532 Remote Command Injection Vulnerability
1312| [56439] Microsoft IIS CVE-2012-2531 Password Information Disclosure Vulnerability
1313| [54276] Microsoft IIS Multiple FTP Command Request Denial of Service Vulnerability
1314| [54251] Microsoft IIS File Enumeration Weakness
1315| [53906] Microsoft IIS Authentication Bypass and Source Code Disclosure Vulnerabilities
1316| [45542] Microsoft IIS FTP Service Remote Buffer Overflow Vulnerability
1317| [43140] Microsoft IIS Repeated Parameter Request Denial of Service Vulnerability
1318| [43138] Microsoft IIS Request Header Buffer Overflow Vulnerability
1319| [41314] Microsoft IIS 5.1 Alternate Data Stream Authentication Bypass Vulnerability
1320| [40573] Microsoft IIS Authentication Remote Code Execution Vulnerability
1321| [37460] RETIRED: Microsoft IIS Malformed Local Filename Security Bypass Vulnerability
1322| [36276] RETIRED: Microsoft IIS FTPd Globbing Functionality Remote Denial of Service Vulnerability
1323| [36273] Microsoft IIS FTPd Globbing Functionality Remote Denial of Service Vulnerability
1324| [36189] Microsoft IIS FTPd NLST Remote Buffer Overflow Vulnerability
1325| [35232] Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
1326| [34993] Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
1327| [33374] Microsoft IIS HTTP TRACK Method Information Disclosure Vulnerability
1328| [27101] Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability
1329| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
1330| [18858] Microsoft IIS ASP Remote Code Execution Vulnerability
1331| [14764] Microsoft IIS WebDAV HTTP Request Source Code Disclosure Vulnerability
1332| [10706] Microsoft IIS 4 Redirect Remote Buffer Overflow Vulnerability
1333| [9660] Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
1334| [9313] Microsoft IIS Failure To Log Undocumented TRACK Requests Vulnerability
1335| [8244] Microsoft Multiple IIS 6.0 Web Admin Vulnerabilities
1336| [8092] Microsoft IIS _VTI_BOT Malicious WebBot Elevated Permissions Vulnerability
1337| [8035] Microsoft Windows Media Services NSIISlog.DLL Remote Buffer Overflow Vulnerability
1338| [7735] Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial of Service Vulnerability
1339| [7734] Microsoft IIS SSINC.DLL Server Side Includes Buffer Overflow Vulnerability
1340| [7733] Microsoft IIS ASP Header Denial Of Service Vulnerability
1341| [7731] Microsoft IIS Redirection Error Page Cross-Site Scripting Vulnerability
1342| [7492] Microsoft IIS User Existence Disclosure Vulnerability
1343| [6795] Microsoft IIS False Logging Weakness
1344| [6789] Microsoft IIS Malformed HTTP Get Request Denial Of Service Vulnerability
1345| [6072] Microsoft IIS Administrative Pages Cross Site Scripting Vulnerabilities
1346| [6071] Microsoft IIS Script Source Access File Upload Vulnerability
1347| [6070] Microsoft IIS WebDAV Denial Of Service Vulnerability
1348| [6069] Microsoft IIS Out Of Process Privilege Escalation Vulnerability
1349| [6068] Multiple Microsoft IIS Vulnerabilities
1350| [5907] Microsoft IIS Malformed HTTP HOST Header Field Denial Of Service Vulnerability
1351| [5900] Microsoft IIS IDC Extension Cross Site Scripting Vulnerability
1352| [5213] Microsoft IIS SMTP Service Encapsulated SMTP Address Vulnerability
1353| [4855] Microsoft IIS HTR Chunked Encoding Transfer Heap Overflow Vulnerability
1354| [4846] Microsoft IIS 5.0 Denial Of Service Vulnerability
1355| [4543] Microsoft IIS CodeBrws.ASP File Extension Check Out By One Vulnerability
1356| [4525] Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability
1357| [4490] Microsoft IIS Chunked Encoding Heap Overflow Variant Vulnerability
1358| [4487] Microsoft IIS HTTP Redirect Cross Site Scripting Vulnerability
1359| [4486] Microsoft IIS HTTP Error Page Cross Site Scripting Vulnerability
1360| [4485] Microsoft IIS Chunked Encoding Transfer Heap Overflow Vulnerability
1361| [4483] Microsoft IIS Help File Search Cross Site Scripting Vulnerability
1362| [4482] Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability
1363| [4479] Microsoft IIS ISAPI Filter Access Violation Denial of Service Vulnerability
1364| [4478] Microsoft IIS ASP Server-Side Include Buffer Overflow Vulnerability
1365| [4476] Microsoft IIS HTTP Header Field Delimiter Buffer Overflow Vulnerability
1366| [4474] Microsoft IIS HTR ISAPI Extension Buffer Overflow Vulnerability
1367| [4235] Microsoft IIS Authentication Method Disclosure Vulnerability
1368| [4084] Microsoft IIS 5.1 Frontpage Server Extensions File Source Disclosure Vulnerability
1369| [4078] Microsoft IIS 5.1 Frontpage Extensions Path Disclosure Information Vulnerability
1370| [3667] Microsoft IIS False Content-Length Field DoS Vulnerability
1371| [3195] Microsoft IIS MIME Header Denial of Service Vulnerability
1372| [3194] Microsoft IIS WebDAV Invalid Request Denial of Service Vulnerability
1373| [3193] Microsoft IIS 5.0 In-Process Table Privelege Elevation Vulnerability
1374| [3191] Microsoft IIS 4.0 URL Redirection DoS Vulnerability
1375| [3190] Microsoft IIS SSI Buffer Overrun Privelege Elevation Vulnerability
1376| [2977] Microsoft IIS Device File Remote DoS Vulnerability
1377| [2973] Microsoft IIS Device File Local DoS Vulnerability
1378| [2909] Microsoft IIS Unicode .asp Source Code Disclosure Vulnerability
1379| [2719] Microsoft IIS Various Domain User Account Access Vulnerability
1380| [2717] Microsoft IIS FTP Denial of Service Vulnerability
1381| [2690] Microsoft IIS WebDAV 'Propfind' Server Restart Vulnerability
1382| [2674] Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability
1383| [2654] Microsoft IIS Long URL Denial of Service Vulnerability
1384| [2483] Microsoft IIS WebDAV 'Search' Denial of Service Vulnerability
1385| [2453] Microsoft IIS WebDAV Denial of Service Vulnerability
1386| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
1387| [2440] Microsoft IIS Multiple Invalid URL Request DoS Vulnerability
1388| [2313] Microsoft IIS File Fragment Disclosure Vulnerability
1389| [2280] Microsoft IIS 3.0/4.0 Upgrade BDIR.HTR Vulnerability
1390| [2218] Microsoft IIS '../..' Denial of Service Vulnerability
1391| [2144] Microsoft IIS Front Page Server Extension DoS Vulnerability
1392| [2110] Microsoft IIS 4.0 IISADMPWD Proxied Password Attack
1393| [2100] Microsoft IIS Far East Edition DBCS File Disclosure Vulnerability
1394| [2074] Microsoft IIS Appended Dot Script Source Disclosure Vulnerability
1395| [1912] Microsoft IIS Executable File Parsing Vulnerability
1396| [1911] Microsoft IIS 4.0 ISAPI Buffer Overflow Vulnerability
1397| [1832] Microsoft IIS 4.0/5.0 Session ID Cookie Disclosure Vulnerability
1398| [1819] Microsoft IIS 4.0 Pickup Directory DoS Vulnerability
1399| [1818] Microsoft IIS 3.0 newdsn.exe File Creation Vulnerability
1400| [1814] Microsoft IIS 3.0 %2e ASP Source Disclosure Vulnerability
1401| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
1402| [1806] Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability
1403| [1756] Microsoft IIS 5.0 Indexed Directory Disclosure Vulnerability
1404| [1642] Microsoft NT 4.0 and IIS 4.0 Invalid URL Request DoS Vulnerability
1405| [1595] Microsoft IIS Cross Site Scripting .shtml Vulnerability
1406| [1594] Microsoft FrontPage/IIS Cross Site Scripting shtml.dll Vulnerability
1407| [1578] Microsoft IIS 5.0 Translate: f Source Disclosure Vulnerability
1408| [1565] Microsoft IIS 4.0/5.0 File Permission Canonicalization Vulnerability
1409| [1499] Microsoft IIS Internal IP Address Disclosure Vulnerability
1410| [1488] Microsoft IIS 4.0/5.0 Source Fragment Disclosure Vulnerability
1411| [1476] Microsoft IIS 3.0 .htr Missing Variable Denial of Service Vulnerability
1412| [1193] Microsoft IIS 4.0/5.0 Malformed Filename Request Vulnerability
1413| [1191] Microsoft IIS 4.0/5.0 Malformed .htr Request Vulnerability
1414| [1190] Microsoft IIS 4.0/5.0 Malformed File Extension DoS Vulnerability
1415| [1101] Microsoft IIS 4.0/5.0 Escaped Characters Vulnerability
1416| [1081] Microsoft IIS UNC Mapped Virtual Host Vulnerability
1417| [1066] Microsoft IIS 4.0 Chunked Transfer Encoding Buffer Overflow Vulnerability
1418| [1065] Microsoft IIS UNC Path Disclosure Vulnerability
1419| [886] Microsoft IIS Escape Character Parsing Vulnerability
1420| [882] Microsoft IIS Virtual Directory Naming Vulnerability
1421| [658] Microsoft IIS FTP NO ACCESS Read/Delete File Vulnerability
1422| [657] Microsoft IIS 4.0 Domain Resolution Vulnerability
1423| [582] Microsoft IIS And PWS 8.3 Directory Name Vulnerability
1424| [190] Microsoft VisualInterDev 6.0 - IIS4- Management With No Authentication Vulnerability
1425|
1426| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1427| [78620] Microsoft Windows Phone 7 domain name spoofing
1428| [66401] Microsoft Windows kernel-mode driver (win32k.sys) variant 7 privilege escalation
1429| [29670] Microsoft Internet Explorer 7 is installed
1430| [76716] Microsoft IIS FTP denial of service
1431| [76664] Microsoft IIS tilde information disclosure
1432| [61513] Microsoft Internet Information Services (IIS) URL authentication bypass
1433| [58864] Microsoft Internet Information Services (IIS) authentication code execution
1434| [55031] Microsoft Internet Information Services (IIS) filenames security bypass
1435| [53034] Microsoft Internet Information Services (IIS) directory listings denial of service
1436| [52915] Microsoft Internet Information Services (IIS) FTP buffer overflow
1437| [52243] Microsoft IIS With .NET Path Disclosure
1438| [52241] Microsoft IIS servervariables_vbscript.asp Information Disclosure
1439| [52240] Microsoft IIS Sample Application Physical Path Disclosure
1440| [52233] Microsoft IIS With .NET Path Disclosure
1441| [50573] Microsoft Internet Information Services (IIS) WebDAV security bypass
1442| [45584] Microsoft IIS adsiis.dll ActiveX control denial of service
1443| [42899] Microsoft IIS HTTP request smuggling
1444| [39235] Microsoft IIS root folders file change notification privilege escalation
1445| [39230] Microsoft IIS HTML encoded ASP code execution
1446| [34434] Microsoft IIS Hit-highlighting security bypass
1447| [34418] Microsoft Internet Information Server (IIS) AUX/.aspx denial of service
1448| [32074] Microsoft IIS iissamples directory present
1449| [31644] Microsoft IIS Web server access.cnf file detected
1450| [31642] Microsoft IIS Web server service.cnf file detected
1451| [31638] Microsoft IIS Web server svcacl.cnf file detected
1452| [31630] Microsoft Internet Information Services IISAdmin directory detected
1453| [27854] Microsoft IIS ASP cache virtual server information disclosure
1454| [26796] Microsoft Internet Information Services (IIS) ASP buffer overflow
1455| [16872] Microsoft Internet Information Server (IIS) ActivePerl command execution
1456| [16656] Microsoft Internet Information Server (IIS) MS04-021 patch is not installed
1457| [16578] Microsoft Internet Information Server (IIS) redirect buffer overflow
1458| [14077] Microsoft Internet Information Server (IIS) fails to properly log HTTP TRACK requests
1459| [13116] Microsoft IIS MS03-018 patch is not installed on the system
1460| [13088] Microsoft IIS running RealSecure Server Sensor ISAPI plug-in denial of service
1461| [12687] Microsoft IIS Remote Administration Tool allows attacker to reset administrative password
1462| [12686] Microsoft IIS Remote Administration Tool could allow an attacker to obtain valid session IDs
1463| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
1464| [12100] Microsoft IIS long WebDAV requests containing XML denial of service
1465| [12099] Microsoft IIS Response.AddHeader denial of service
1466| [12098] Microsoft IIS Server-Side Include (SSI) long file name buffer overflow
1467| [12097] Microsoft IIS redirect error cross-site scripting
1468| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
1469| [11918] Microsoft IIS authentication mechanism could allow an attacker to determine valid user account names
1470| [11537] Microsoft IIS WebDAV service is running on the system
1471| [11533] Microsoft IIS WebDAV long request buffer overflow
1472| [10590] Microsoft Internet Information Server (IIS) MS02-062 patch
1473| [10504] Microsoft IIS script source access could be bypassed to upload .COM files
1474| [10503] Microsoft IIS WebDAV memory allocation denial of service
1475| [10502] Microsoft IIS out-of-process applications could be used to gain elevated privileges
1476| [10501] Microsoft IIS administrative Web pages cross-site scripting
1477| [10370] Microsoft IIS HTTP HOST header denial of service
1478| [10294] Microsoft IIS .idc extension error message cross-site scripting
1479| [10184] Microsoft IIS 5.0 resource utilization denial of service
1480| [9791] Microsoft Exchange IIS license exhaustion denial of service
1481| [9580] Microsoft IIS SMTP service encapsulated addresses could allow mail relaying
1482| [9327] Microsoft IIS ISAPI HTR chunked encoding heap buffer overflow
1483| [9123] Microsoft IIS 5.0 Log Files Directory Permission Exposure
1484| [8853] Microsoft IIS CodeBrws.asp sample script can be used to view arbitrary file source code
1485| [8811] Microsoft IIS MS02-018 patch is not installed on the system
1486| [8804] Microsoft IIS redirected URL error cross-site scripting
1487| [8803] Microsoft IIS HTTP error page cross-site scripting
1488| [8802] Microsoft IIS Help File search cross-site scripting
1489| [8801] Microsoft IIS FTP session status request denial of service
1490| [8800] Microsoft IIS FrontPage Server Extensions and ASP.NET ISAPI filter error handling denial of service
1491| [8799] Microsoft IIS HTR ISAPI ISM.DLL extension buffer overflow
1492| [8798] Microsoft IIS SSI safety check buffer overflow
1493| [8797] Microsoft IIS ASP HTTP header parsing buffer overflow
1494| [8796] Microsoft IIS ASP data transfer heap buffer overflow
1495| [8795] Microsoft IIS ASP chunked encoding heap buffer overflow
1496| [8388] Microsoft Windows NT Server with IIS 4.0 could allow users to bypass "
1497| [8385] Microsoft IIS specially-crafted request reveals IP address
1498| [8382] Microsoft IIS authentication error messages reveal configuration information
1499| [8191] Microsoft IIS 5.1 specially-crafted .cnf file request could reveal file contents
1500| [8174] Microsoft IIS 5.1 .cnf file request could reveal sensitive information
1501| [8056] Microsoft IIS is running on the system
1502| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
1503| [7691] Microsoft IIS HTTP GET request with false "
1504| [7640] Microsoft IIS is present on the system
1505| [7613] Microsoft IIS allows attackers to create fake log entries
1506| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
1507| [7559] Microsoft Index Server installed with IIS 4.0 could allow a local attacker to obtain physical path information
1508| [7558] Microsoft IIS FileSystemObject in showfile.asp could allow remote attackers to read arbitrary files
1509| [7202] Microsoft IIS 4.0/5.0 escaped percent found
1510| [7201] Microsoft IIS 4.0/5.0 malformed double percent sequence
1511| [7199] Microsoft IIS 4.0/5.0 malformed hex sequence
1512| [6995] Microsoft IIS %u Unicode wide character encoding detected
1513| [6994] Microsoft IIS %u Unicode encoding detected
1514| [6985] Microsoft IIS relative path usage in system file process table could allow elevated privileges
1515| [6984] Microsoft IIS specially-crafted SSI directives buffer overflow
1516| [6983] Microsoft IIS invalid MIME header denial of service
1517| [6982] Microsoft IIS WebDAV long invalid request denial of service
1518| [6981] Microsoft IIS URL redirection denial of service
1519| [6963] Microsoft IIS HTTPS connection could reveal internal IP address
1520| [6858] Microsoft IIS cross-site scripting patch denial of service
1521| [6800] Microsoft IIS device file request can crash the ASP processor
1522| [6742] Microsoft IIS reveals .asp source code with Unicode extensions
1523| [6705] Microsoft IIS idq.dll ISAPI extension buffer overflow
1524| [6549] Microsoft IIS WebDAV lock method memory leak can cause a denial of service
1525| [6545] Microsoft IIS FTP weak domain authentication
1526| [6535] Microsoft IIS FTP wildcard processing function denial of service
1527| [6534] Microsoft IIS URL decoding error could allow remote code execution
1528| [6485] Microsoft IIS 5.0 ISAPI Internet Printing Protocol extension buffer overflow
1529| [6205] Microsoft IIS WebDAV denial of service
1530| [6171] Microsoft IIS and Exchange malformed URL request denial of service
1531| [6029] Microsoft IIS CmdAsp could allow remote attackers to gain privileges
1532| [5903] Microsoft IIS 5.0 allows the viewing of files through malformed URL
1533| [5823] Microsoft IIS Web form submission denial of service
1534| [5729] Microsoft IIS Far East editions file disclosure
1535| [5510] Microsoft Internet Information Service (IIS) ISAPI buffer overflow
1536| [5470] Microsoft Internet Information Service (IIS) invalid executable filename passing
1537| [5441] Microsoft IIS .htw cross-site scripting
1538| [5377] Microsoft IIS Unicode translation error allows remote command execution
1539| [5335] Microsoft IIS Index Server directory traversal
1540| [5202] Microsoft IIS invalid URL allows attackers to crash service
1541| [5156] Microsoft IIS Cross-Site Scripting
1542| [5106] Microsoft IIS 4.0 discloses internal IP addresses
1543| [5104] Microsoft IIS allows remote attackers to obtain source code fragments using +.htr
1544| [5071] Microsoft IIS canonicalization error applies incorrect permissions to certain types of files
1545| [4960] Microsoft IIS on Win2kPro security button restriction
1546| [4951] Microsoft IIS absent directory browser argument
1547| [4790] Microsoft IIS \mailroot\pickup directory denial of service
1548| [4757] Microsoft IIS server-side includes (SSI) #exec directive
1549| [4558] Microsoft IIS is installed on a domain controller
1550| [4448] Microsoft IIS ISM.DLL could allow users to read file contents
1551| [4430] Microsoft IIS malformed URL extension data denial of service
1552| [4392] Microsoft IIS could reveal source code of ASP files in some virtual directories
1553| [4302] Microsoft IIS malformed AuthChangUrl request can cause the server to stop servicing requests
1554| [4279] Microsoft IIS escape characters denial of service
1555| [4204] Microsoft IIS virtual UNC share source read
1556| [4183] Microsoft IIS could disclose path of network shares
1557| [4117] Microsoft IIS chunked encoding post or put denial of service
1558| [3986] Microsoft IIS ASP could be used to gain sensitive information
1559| [3892] Microsoft IIS Long URL with excessive forward slashes passed to ASP causes an access violation
1560| [3306] Microsoft IIS could allow remote access to servers marked as Restrict Access
1561| [3115] Microsoft IIS and SiteServer denial of service caused by malformed HTTP requests
1562| [2675] Microsoft IIS 4.0 samples installation on Web server
1563| [2673] Microsoft IIS samples installation on Web server
1564| [2671] Microsoft IIS Passive FTP patch not applied (asp.dll out of date)
1565| [2670] Microsoft IIS Passive FTP patch not applied (wam.dll out of date)
1566| [2669] Microsoft IIS Passive FTP patch not applied (w3svc.dll out of date)
1567| [2668] Microsoft IIS Passive FTP patch not applied (infocomm.dll out of date)
1568| [2662] Microsoft IIS CGI overflow
1569| [2412] Microsoft IIS account is member of Domain Users
1570| [2381] Microsoft IIS and SiteServer Showcode.asp sample file allows remote file viewing
1571| [2302] Microsoft IIS using double-byte code pages could allow remote attackers to retrieve source code
1572| [2282] Microsoft IIS bdir.htr allows remote traversal of directory structure
1573| [2281] Microsoft IIS buffer overflow in HTR requests can allow remote code execution
1574| [2229] Microsoft IIS ExAir sample site denial of service
1575| [2185] Microsoft IIS and Site Server sample programs can be used to remotely view files
1576| [1823] Microsoft IIS long GET request denial of service
1577| [1735] Microsoft IIS with Visual InterDev no authentication
1578| [1656] Microsoft IIS 4.0 allows user to avoid HTTP request logging
1579| [1654] Microsoft IIS remote FTP buffer overflow
1580| [1638] Microsoft IIS crashes processing some GET commands
1581| [1530] Microsoft IIS 3.0 newdsn.exe sample application allows remote creation of arbitrary files
1582| [1368] Microsoft IIS 4.0 allows file execution in the Web site directory
1583| [1273] Microsoft IIS special characters allowed in shell
1584| [1272] Microsoft IIS CGI scripts run as system
1585| [1271] Microsoft IIS version 2 installed
1586| [1270] Microsoft IIS incorrect permissions on restricted item
1587| [1269] Microsoft IIS incorrect Web permissions
1588| [1268] Microsoft IIS SSI #exec enabled
1589| [1216] Microsoft IIS SSL patch not applied
1590| [1215] Microsoft IIS Passive FTP patch not applied
1591| [1212] Microsoft IIS unauthorized ODBC data access with RDS
1592| [1125] Microsoft IIS ASP DATA issue could reveal source code
1593| [949] Microsoft IIS server script debugging enabled
1594| [948] Microsoft IIS samples installed on Web server
1595| [936] Microsoft IIS NTFS insecure permissions
1596| [935] Microsoft IIS executable paths
1597| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
1598| [336] Microsoft IIS ASP dot bug
1599| [256] Microsoft IIS can be remotely crashed by excessively long client requests
1600| [7] Microsoft IIS ASP source visible
1601|
1602| Exploit-DB - https://www.exploit-db.com:
1603| [19033] microsoft iis 6.0 and 7.5 - Multiple Vulnerabilities
1604| [17476] Microsoft IIS FTP Server <= 7.0 Stack Exhaustion DoS [MS09-053]
1605|
1606| OpenVAS (Nessus) - http://www.openvas.org:
1607| [902914] Microsoft IIS GET Request Denial of Service Vulnerability
1608| [902796] Microsoft IIS IP Address/Internal Network Name Disclosure Vulnerability
1609| [902694] Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
1610| [901120] Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
1611| [900944] Microsoft IIS FTP Server 'ls' Command DOS Vulnerability
1612| [900874] Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
1613| [900711] Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability
1614| [900567] Microsoft IIS Security Bypass Vulnerability (970483)
1615| [802806] Microsoft IIS Default Welcome Page Information Disclosure Vulnerability
1616| [801669] Microsoft Windows IIS FTP Server DOS Vulnerability
1617| [801520] Microsoft IIS ASP Stack Based Buffer Overflow Vulnerability
1618| [100952] Microsoft IIS FTPd NLST stack overflow
1619| [11443] Microsoft IIS UNC Mapped Virtual Host Vulnerability
1620| [10680] Test Microsoft IIS Source Fragment Disclosure
1621| [903041] Microsoft Windows Kernel Privilege Elevation Vulnerability (2724197)
1622| [903037] Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability (2706045)
1623| [903036] Microsoft Windows Networking Components Remote Code Execution Vulnerabilities (2733594)
1624| [903035] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2731847)
1625| [903033] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2718523)
1626| [903026] Microsoft Office Remote Code Execution Vulnerabilities (2663830)
1627| [903017] Microsoft Office Remote Code Execution Vulnerability (2639185)
1628| [903000] Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
1629| [902936] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2783534)
1630| [902934] Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
1631| [902933] Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
1632| [902932] Microsoft Internet Explorer Multiple Use-After-Free Vulnerabilities (2761451)
1633| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
1634| [902930] Microsoft Office Remote Code Execution Vulnerabilities (2720184)
1635| [902923] Microsoft Internet Explorer Multiple Vulnerabilities (2722913)
1636| [902922] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2723135)
1637| [902921] Microsoft Office Visio/Viewer Remote Code Execution Vulnerability (2733918)
1638| [902920] Microsoft Office Remote Code Execution Vulnerability (2731879)
1639| [902919] Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841)
1640| [902916] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
1641| [902913] Microsoft Office Remote Code Execution Vulnerabilities-2663830 (Mac OS X)
1642| [902912] Microsoft Office Word Remote Code Execution Vulnerability-2680352 (Mac OS X)
1643| [902911] Microsoft Office Word Remote Code Execution Vulnerability (2680352)
1644| [902910] Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981)
1645| [902909] Microsoft Windows Service Pack Missing Multiple Vulnerabilities
1646| [902908] Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)
1647| [902906] Microsoft Windows DNS Server Denial of Service Vulnerability (2647170)
1648| [902900] Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
1649| [902846] Microsoft Windows TLS Protocol Information Disclosure Vulnerability (2655992)
1650| [902845] Microsoft Windows Shell Remote Code Execution Vulnerability (2691442)
1651| [902842] Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
1652| [902841] Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
1653| [902839] Microsoft FrontPage Server Extensions MS-DOS Device Name DoS Vulnerability
1654| [902833] Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
1655| [902832] MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)
1656| [902829] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258)
1657| [902828] Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
1658| [902818] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
1659| [902817] Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
1660| [902811] Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
1661| [902807] Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (2636391)
1662| [902798] Microsoft SMB Signing Enabled and Not Required At Server
1663| [902797] Microsoft SMB Signing Information Disclosure Vulnerability
1664| [902785] Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
1665| [902784] Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
1666| [902783] Microsoft Windows Kernel Security Feature Bypass Vulnerability (2644615)
1667| [902782] MicroSoft Windows Server Service Remote Code Execution Vulnerability (921883)
1668| [902766] Microsoft Windows Kernel Privilege Elevation Vulnerability (2633171)
1669| [902746] Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
1670| [902727] Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)
1671| [902708] Microsoft Remote Desktop Protocol Denial of Service Vulnerability (2570222)
1672| [902696] Microsoft Internet Explorer Multiple Vulnerabilities (2761465)
1673| [902693] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2761226)
1674| [902692] Microsoft Office Excel ReadAV Arbitrary Code Execution Vulnerability
1675| [902689] Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)
1676| [902688] Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
1677| [902687] Microsoft Windows Data Access Components Remote Code Execution Vulnerability (2698365)
1678| [902686] Microsoft Internet Explorer Multiple Vulnerabilities (2719177)
1679| [902683] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2685939)
1680| [902682] Microsoft Internet Explorer Multiple Vulnerabilities (2699988)
1681| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
1682| [902677] Microsoft Windows Prtition Manager Privilege Elevation Vulnerability (2690533)
1683| [902676] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (2688338)
1684| [902670] Microsoft Internet Explorer Multiple Vulnerabilities (2675157)
1685| [902663] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
1686| [902662] MicroSoft SMB Server Trans2 Request Remote Code Execution Vulnerability
1687| [902660] Microsoft SMB Transaction Parsing Remote Code Execution Vulnerability
1688| [902658] Microsoft RDP Server Private Key Information Disclosure Vulnerability
1689| [902649] Microsoft Internet Explorer Multiple Vulnerabilities (2647516)
1690| [902642] Microsoft Internet Explorer Multiple Vulnerabilities (2618444)
1691| [902626] Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)
1692| [902625] Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
1693| [902613] Microsoft Internet Explorer Multiple Vulnerabilities (2559049)
1694| [902609] Microsoft Windows CSRSS Privilege Escalation Vulnerabilities (2507938)
1695| [902598] Microsoft Windows Time Component Remote Code Execution Vulnerability (2618451)
1696| [902597] Microsoft Windows Media Remote Code Execution Vulnerability (2648048)
1697| [902596] Microsoft Windows OLE Remote Code Execution Vulnerability (2624667)
1698| [902588] Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerability
1699| [902581] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
1700| [902580] Microsoft Host Integration Server Denial of Service Vulnerabilities (2607670)
1701| [902567] Microsoft Office Remote Code Execution Vulnerabilites (2587634)
1702| [902566] Microsoft Windows WINS Local Privilege Escalation Vulnerability (2571621)
1703| [902552] Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
1704| [902551] Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
1705| [902523] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
1706| [902522] Microsoft .NET Framework Remote Code Execution Vulnerability (2538814)
1707| [902518] Microsoft .NET Framework Security Bypass Vulnerability
1708| [902516] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
1709| [902502] Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
1710| [902501] Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (2514666)
1711| [902496] Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
1712| [902495] Microsoft Office Remote Code Execution Vulnerability (2590602)
1713| [902494] Microsoft Office Excel Remote Code Execution Vulnerability (2640241)
1714| [902493] Microsoft Publisher Remote Code Execution Vulnerabilities (2607702)
1715| [902492] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2639142)
1716| [902487] Microsoft Windows Active Directory LDAPS Authentication Bypass Vulnerability (2630837)
1717| [902484] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (2588516)
1718| [902464] Microsoft Visio Remote Code Execution Vulnerabilities (2560978)
1719| [902463] Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2567680)
1720| [902455] Microsoft Visio Remote Code Execution Vulnerability (2560847)
1721| [902445] Microsoft XML Editor Information Disclosure Vulnerability (2543893)
1722| [902443] Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
1723| [902440] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2536275)
1724| [902430] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2545814)
1725| [902425] Microsoft Windows SMB Accessible Shares
1726| [902423] Microsoft Office Visio Viewer Remote Code Execution Vulnerabilities (2663510)
1727| [902411] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2489283)
1728| [902410] Microsoft Office Excel Remote Code Execution Vulnerabilities (2489279)
1729| [902403] Microsoft Windows Fraudulent Digital Certificates Spoofing Vulnerability
1730| [902395] Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
1731| [902378] Microsoft Office Excel Remote Code Execution Vulnerabilities (2537146)
1732| [902377] Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)
1733| [902365] Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
1734| [902364] Microsoft Office Remote Code Execution Vulnerabilites (2489293)
1735| [902351] Microsoft Groove Remote Code Execution Vulnerability (2494047)
1736| [902337] Microsoft Windows Kernel Elevation of Privilege Vulnerability (2393802)
1737| [902336] Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)
1738| [902325] Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability
1739| [902324] Microsoft SharePoint Could Allow Remote Code Execution Vulnerability (2455005)
1740| [902319] Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
1741| [902290] Microsoft Windows Active Directory SPN Denial of Service (2478953)
1742| [902289] Microsoft Windows LSASS Privilege Escalation Vulnerability (2478960)
1743| [902288] Microsoft Kerberos Privilege Escalation Vulnerabilities (2496930)
1744| [902287] Microsoft Visio Remote Code Execution Vulnerabilities (2451879)
1745| [902285] Microsoft Internet Explorer Information Disclosure Vulnerability (2501696)
1746| [902281] Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)
1747| [902280] Microsoft Windows BranchCache Remote Code Execution Vulnerability (2385678)
1748| [902277] Microsoft Windows Netlogon Service Denial of Service Vulnerability (2207559)
1749| [902276] Microsoft Windows Task Scheduler Elevation of Privilege Vulnerability (2305420)
1750| [902274] Microsoft Publisher Remote Code Execution Vulnerability (2292970)
1751| [902269] Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
1752| [902265] Microsoft Office Word Remote Code Execution Vulnerabilities (2293194)
1753| [902264] Microsoft Office Excel Remote Code Execution Vulnerabilities (2293211)
1754| [902263] Microsoft Windows Media Player Network Sharing Remote Code Execution Vulnerability (2281679)
1755| [902262] Microsoft Windows Shell and WordPad COM Validation Vulnerability (2405882)
1756| [902256] Microsoft Windows win32k.sys Driver 'CreateDIBPalette()' BOF Vulnerability
1757| [902255] Microsoft Visual Studio Insecure Library Loading Vulnerability
1758| [902254] Microsoft Office Products Insecure Library Loading Vulnerability
1759| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
1760| [902246] Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability
1761| [902243] Microsoft Outlook TNEF Remote Code Execution Vulnerability (2315011)
1762| [902232] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (978886)
1763| [902231] Microsoft Windows Tracing Feature Privilege Elevation Vulnerabilities (982799)
1764| [902230] Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
1765| [902229] Microsoft Window MPEG Layer-3 Remote Code Execution Vulnerability (2115168)
1766| [902228] Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)
1767| [902227] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
1768| [902226] Microsoft Windows Shell Remote Code Execution Vulnerability (2286198)
1769| [902217] Microsoft Outlook SMB Attachment Remote Code Execution Vulnerability (978212)
1770| [902210] Microsoft IE cross-domain IFRAME gadgets keystrokes steal Vulnerability
1771| [902193] Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
1772| [902192] Microsoft Office COM Validation Remote Code Execution Vulnerability (983235)
1773| [902191] Microsoft Internet Explorer Multiple Vulnerabilities (982381)
1774| [902183] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability
1775| [902178] Microsoft Visual Basic Remote Code Execution Vulnerability (978213)
1776| [902176] Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
1777| [902166] Microsoft Internet Explorer 'neutering' Mechanism XSS Vulnerability
1778| [902159] Microsoft VBScript Scripting Engine Remote Code Execution Vulnerability (980232)
1779| [902158] Microsoft Office Publisher Remote Code Execution Vulnerability (981160)
1780| [902157] Microsoft 'ISATAP' Component Spoofing Vulnerability (978338)
1781| [902156] Microsoft SMB Client Remote Code Execution Vulnerabilities (980232)
1782| [902155] Microsoft Internet Explorer Multiple Vulnerabilities (980182)
1783| [902151] Microsoft Internet Explorer Denial of Service Vulnerability - Mar10
1784| [902133] Microsoft Office Excel Multiple Vulnerabilities (980150)
1785| [902117] Microsoft DirectShow Remote Code Execution Vulnerability (977935)
1786| [902116] Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)
1787| [902115] Microsoft Kerberos Denial of Service Vulnerability (977290)
1788| [902114] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416)
1789| [902112] Microsoft SMB Client Remote Code Execution Vulnerabilities (978251)
1790| [902095] Microsoft Office Excel Remote Code Execution Vulnerability (2269707)
1791| [902094] Microsoft Windows Kernel Mode Drivers Privilege Elevation Vulnerabilities (2160329)
1792| [902093] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (981852)
1793| [902080] Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
1794| [902069] Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
1795| [902068] Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
1796| [902067] Microsoft Windows Kernel Mode Drivers Privilege Escalation Vulnerabilities (979559)
1797| [902039] Microsoft Visio Remote Code Execution Vulnerabilities (980094)
1798| [902038] Microsoft MPEG Layer-3 Codecs Remote Code Execution Vulnerability (977816)
1799| [902033] Microsoft Windows '.ani' file Denial of Service vulnerability
1800| [902015] Microsoft Paint Remote Code Execution Vulnerability (978706)
1801| [901305] Microsoft Windows IP-HTTPS Component Security Feature Bypass Vulnerability (2765809)
1802| [901304] Microsoft Windows File Handling Component Remote Code Execution Vulnerability (2758857)
1803| [901301] Microsoft Windows Kerberos Denial of Service Vulnerability (2743555)
1804| [901212] Microsoft Windows DirectPlay Remote Code Execution Vulnerability (2770660)
1805| [901211] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)
1806| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
1807| [901209] Microsoft Windows Media Center Remote Code Execution Vulnerabilities (2604926)
1808| [901208] Microsoft Internet Explorer Multiple Vulnerabilities (2586448)
1809| [901205] Microsoft Windows Components Remote Code Execution Vulnerabilities (2570947)
1810| [901193] Microsoft Windows Media Remote Code Execution Vulnerabilities (2510030)
1811| [901183] Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
1812| [901180] Microsoft Internet Explorer Multiple Vulnerabilities (2482017)
1813| [901169] Microsoft Windows Address Book Remote Code Execution Vulnerability (2423089)
1814| [901166] Microsoft Office Remote Code Execution Vulnerabilites (2423930)
1815| [901164] Microsoft Windows SChannel Denial of Service Vulnerability (2207566)
1816| [901163] Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111))
1817| [901162] Microsoft Internet Explorer Multiple Vulnerabilities (2360131)
1818| [901161] Microsoft ASP.NET Information Disclosure Vulnerability (2418042)
1819| [901151] Microsoft Internet Information Services Remote Code Execution Vulnerabilities (2267960)
1820| [901150] Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability(2347290)
1821| [901140] Microsoft Windows SMB Code Execution and DoS Vulnerabilities (982214)
1822| [901139] Microsoft Internet Explorer Multiple Vulnerabilities (2183461)
1823| [901119] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (980218)
1824| [901102] Microsoft Windows Media Services Remote Code Execution Vulnerability (980858)
1825| [901097] Microsoft Internet Explorer Multiple Vulnerabilities (978207)
1826| [901095] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
1827| [901069] Microsoft Office Project Remote Code Execution Vulnerability (967183)
1828| [901065] Microsoft Windows IAS Remote Code Execution Vulnerability (974318)
1829| [901064] Microsoft Windows ADFS Remote Code Execution Vulnerability (971726)
1830| [901063] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
1831| [901048] Microsoft Windows Active Directory Denial of Service Vulnerability (973309)
1832| [901041] Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
1833| [901012] Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)
1834| [900973] Microsoft Office Word Remote Code Execution Vulnerability (976307)
1835| [900965] Microsoft Windows SMB2 Negotiation Protocol Remote Code Execution Vulnerability
1836| [900964] Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
1837| [900963] Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)
1838| [900957] Microsoft Windows Patterns & Practices EntLib DOS Vulnerability
1839| [900956] Microsoft Windows Patterns & Practices EntLib Version Detection
1840| [900929] Microsoft JScript Scripting Engine Remote Code Execution Vulnerability (971961)
1841| [900908] Microsoft Windows Message Queuing Privilege Escalation Vulnerability (971032)
1842| [900907] Microsoft Windows AVI Media File Parsing Vulnerabilities (971557)
1843| [900898] Microsoft Internet Explorer 'XSS Filter' XSS Vulnerabilities - Nov09
1844| [900897] Microsoft Internet Explorer PDF Information Disclosure Vulnerability - Nov09
1845| [900891] Microsoft Internet Denial Of Service Vulnerability - Nov09
1846| [900887] Microsoft Office Excel Multiple Vulnerabilities (972652)
1847| [900886] Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (969947)
1848| [900881] Microsoft Windows Indexing Service ActiveX Vulnerability (969059)
1849| [900880] Microsoft Windows ATL COM Initialization Code Execution Vulnerability (973525)
1850| [900879] Microsoft Windows Media Player ASF Heap Overflow Vulnerability (974112)
1851| [900878] Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)
1852| [900877] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
1853| [900876] Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)
1854| [900873] Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)
1855| [900863] Microsoft Internet Explorer 'window.print()' DOS Vulnerability
1856| [900838] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
1857| [900837] Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
1858| [900836] Microsoft Internet Explorer Address Bar Spoofing Vulnerability
1859| [900826] Microsoft Internet Explorer 'location.hash' DOS Vulnerability
1860| [900814] Microsoft Windows WINS Remote Code Execution Vulnerability (969883)
1861| [900813] Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706)
1862| [900809] Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706)
1863| [900808] Microsoft Visual Products Version Detection
1864| [900757] Microsoft Windows Media Player '.AVI' File DOS Vulnerability
1865| [900741] Microsoft Internet Explorer Information Disclosure Vulnerability Feb10
1866| [900740] Microsoft Windows Kernel Could Allow Elevation of Privilege (977165)
1867| [900690] Microsoft Virtual PC/Server Privilege Escalation Vulnerability (969856)
1868| [900689] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
1869| [900670] Microsoft Office Excel Remote Code Execution Vulnerabilities (969462)
1870| [900589] Microsoft ISA Server Privilege Escalation Vulnerability (970953)
1871| [900588] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
1872| [900568] Microsoft Windows Search Script Execution Vulnerability (963093)
1873| [900566] Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
1874| [900476] Microsoft Excel Remote Code Execution Vulnerabilities (968557)
1875| [900465] Microsoft Windows DNS Memory Corruption Vulnerability - Mar09
1876| [900461] Microsoft MSN Live Messneger Denial of Service Vulnerability
1877| [900445] Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)
1878| [900404] Microsoft Windows RTCP Unspecified Remote DoS Vulnerability
1879| [900400] Microsoft Internet Explorer Unicode String DoS Vulnerability
1880| [900391] Microsoft Office Publisher Remote Code Execution Vulnerability (969516)
1881| [900366] Microsoft Internet Explorer Web Script Execution Vulnerabilites
1882| [900365] Microsoft Office Word Remote Code Execution Vulnerabilities (969514)
1883| [900337] Microsoft Internet Explorer Denial of Service Vulnerability - Apr09
1884| [900336] Microsoft Windows Media Player MID File Integer Overflow Vulnerability
1885| [900328] Microsoft Internet Explorer Remote Code Execution Vulnerability (963027)
1886| [900314] Microsoft XML Core Service Information Disclosure Vulnerability
1887| [900303] Microsoft Internet Explorer HTML Form Value DoS Vulnerability
1888| [900299] Microsoft Report Viewer Information Disclosure Vulnerability (2578230)
1889| [900297] Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
1890| [900296] Microsoft Windows TCP/IP Stack Denial of Service Vulnerability (2563894)
1891| [900295] Microsoft Windows DNS Server Remote Code Execution Vulnerability (2562485)
1892| [900294] Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
1893| [900288] Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
1894| [900287] Microsoft SMB Client Remote Code Execution Vulnerabilities (2536276)
1895| [900285] Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
1896| [900282] Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
1897| [900281] Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
1898| [900280] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2508429)
1899| [900279] Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455)
1900| [900278] Microsoft Internet Explorer Multiple Vulnerabilities (2497640)
1901| [900273] Microsoft Remote Desktop Client Remote Code Execution Vulnerability (2508062)
1902| [900267] Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)
1903| [900266] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (2424434)
1904| [900263] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (2296199)
1905| [900262] Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
1906| [900261] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2293386)
1907| [900248] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)
1908| [900246] Microsoft Media Decompression Remote Code Execution Vulnerability (979902)
1909| [900245] Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)
1910| [900241] Microsoft Outlook Express and Windows Mail Remote Code Execution Vulnerability (978542)
1911| [900240] Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (981832)
1912| [900237] Microsoft Windows Authentication Verification Remote Code Execution Vulnerability (981210)
1913| [900236] Microsoft Windows Kernel Could Allow Elevation of Privilege (979683)
1914| [900235] Microsoft Windows Media Player Could Allow Remote Code Execution (979402)
1915| [900232] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (975561)
1916| [900230] Microsoft Windows SMB Server Multiple Vulnerabilities (971468)
1917| [900229] Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
1918| [900228] Microsoft Office (MSO) Remote Code Execution Vulnerability (978214)
1919| [900227] Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability (975713)
1920| [900223] Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
1921| [900192] Microsoft Internet Explorer Information Disclosure Vulnerability
1922| [900187] Microsoft Internet Explorer Argument Injection Vulnerability
1923| [900178] Microsoft Windows 'UnhookWindowsHookEx' Local DoS Vulnerability
1924| [900173] Microsoft Windows Media Player Version Detection
1925| [900172] Microsoft Windows Media Player 'MIDI' or 'DAT' File DoS Vulnerability
1926| [900170] Microsoft iExplorer '&NBSP
1927| [900131] Microsoft Internet Explorer Denial of Service Vulnerability
1928| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
1929| [900120] Microsoft Organization Chart Remote Code Execution Vulnerability
1930| [900108] Microsoft Windows NSlookup.exe Remote Code Execution Vulnerability
1931| [900097] Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
1932| [900095] Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerability (961759)
1933| [900093] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
1934| [900080] Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
1935| [900079] Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
1936| [900064] Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
1937| [900063] Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
1938| [900061] Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
1939| [900058] Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
1940| [900048] Microsoft Excel Remote Code Execution Vulnerability (956416)
1941| [900047] Microsoft Office nformation Disclosure Vulnerability (957699)
1942| [900046] Microsoft Office Remote Code Execution Vulnerabilities (955047)
1943| [900033] Microsoft PowerPoint Could Allow Remote Code Execution Vulnerabilities (949785)
1944| [900029] Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (924090)
1945| [900028] Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
1946| [900025] Microsoft Office Version Detection
1947| [900006] Microsoft Word Could Allow Remote Code Execution Vulnerability
1948| [900004] Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
1949| [855384] Solaris Update for snmp/mibiisa 108870-36
1950| [855273] Solaris Update for snmp/mibiisa 108869-36
1951| [803028] Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
1952| [803007] Microsoft Windows Minimum Certificate Key Length Spoofing Vulnerability (2661254)
1953| [802912] Microsoft Unauthorized Digital Certificates Spoofing Vulnerability (2728973)
1954| [802888] Microsoft Windows Media Service Handshake Sequence DoS Vulnerability
1955| [802886] Microsoft Sidebar and Gadgets Remote Code Execution Vulnerability (2719662)
1956| [802864] Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)
1957| [802774] Microsoft VPN ActiveX Control Remote Code Execution Vulnerability (2695962)
1958| [802726] Microsoft SMB Signing Disabled
1959| [802708] Microsoft Internet Explorer Code Execution and DoS Vulnerabilities
1960| [802634] Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)
1961| [802500] Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
1962| [802468] Compatibility Issues Affecting Signed Microsoft Binaries (2749655)
1963| [802462] Microsoft ActiveSync Null Pointer Dereference Denial Of Service Vulnerability
1964| [802426] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2647518)
1965| [802383] Microsoft Windows Color Control Panel Privilege Escalation Vulnerability
1966| [802379] Microsoft Windows Kernel 'win32k.sys' Memory Corruption Vulnerability
1967| [802287] Microsoft Internet Explorer Cache Objects History Information Disclosure Vulnerability
1968| [802286] Microsoft Internet Explorer Multiple Information Disclosure Vulnerabilities
1969| [802260] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
1970| [802203] Microsoft Internet Explorer Cookie Hijacking Vulnerability
1971| [802202] Microsoft Internet Explorer Cookie Hijacking Vulnerability
1972| [802140] Microsoft Explorer HTTPS Sessions Multiple Vulnerabilities (Windows)
1973| [802136] Microsoft Windows Insecure Library Loading Vulnerability (2269637)
1974| [801991] Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability
1975| [801966] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)
1976| [801935] Microsoft Silverlight Multiple Memory Leak Vulnerabilities
1977| [801934] Microsoft Silverlight Version Detection
1978| [801914] Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability
1979| [801876] Microsoft Internet Explorer 'msxml.dll' Information Disclosure Vulnerability
1980| [801831] Microsoft Internet Explorer Incorrect GUI Display Vulnerability
1981| [801830] Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
1982| [801725] Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
1983| [801721] Microsoft Active Directory Denial of Service Vulnerability (953235)
1984| [801719] Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability (930178)
1985| [801718] Microsoft Windows Vista Information Disclosure Vulnerability (931213)
1986| [801717] Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
1987| [801716] Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability (929123)
1988| [801715] Microsoft XML Core Services Remote Code Execution Vulnerability (936227)
1989| [801713] Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability (941202)
1990| [801707] Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)
1991| [801706] Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities (941644)
1992| [801705] Microsoft Windows TCP/IP Denial of Service Vulnerability (946456)
1993| [801704] Microsoft Internet Information Services Privilege Elevation Vulnerability (942831)
1994| [801702] Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
1995| [801701] Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)
1996| [801677] Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vulnerabilities
1997| [801606] Microsoft Internet Explorer 'mshtml.dll' Information Disclosure Vulnerability
1998| [801598] Microsoft Windows2k3 Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
1999| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
2000| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
2001| [801595] Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities
2002| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
2003| [801580] Microsoft Windows Fax Cover Page Editor BOF Vulnerabilities
2004| [801527] Microsoft Windows 32-bit Platforms Unspecified vulnerabilities
2005| [801491] Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
2006| [801489] Microsoft Office Graphics Filters Remote Code Execution Vulnerabilities (968095)
2007| [801488] Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
2008| [801487] Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerability (941693)
2009| [801486] Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)
2010| [801485] Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability (950762)
2011| [801484] Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerability (953733)
2012| [801483] Microsoft Windows Search Remote Code Execution Vulnerability (959349)
2013| [801482] Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)
2014| [801481] Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
2015| [801480] Microsoft Web Services on Devices API Remote Code Execution Vulnerability (973565)
2016| [801479] Microsoft Windows TCP/IP Could Allow Remote Code Execution (974145)
2017| [801457] Microsoft Windows Address Book Insecure Library Loading Vulnerability
2018| [801456] Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
2019| [801349] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability (June-10)
2020| [801348] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability -june 10
2021| [801345] Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
2022| [801344] Microsoft .NET '__VIEWSTATE' Cross-Site Scripting vulnerability
2023| [801342] Microsoft ASP.NET Cross-Site Scripting vulnerability
2024| [801333] Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities
2025| [801330] Microsoft Internet Explorer Cross Site Data Leakage Vulnerability
2026| [801109] Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09
2027| [801090] Microsoft Windows Indeo Codec Multiple Vulnerabilities
2028| [800968] Microsoft SharePoint Team Services Information Disclosure Vulnerability
2029| [800910] Microsoft Internet Explorer Buffer Overflow Vulnerability - Jul09
2030| [800902] Microsoft Internet Explorer XSS Vulnerability - July09
2031| [800872] Microsoft Internet Explorer 'li' Element DoS Vulnerability - Sep09
2032| [800863] Microsoft Internet Explorer XML Document DoS Vulnerability - Aug09
2033| [800862] Microsoft Windows Kernel win32k.sys Privilege Escalation Vulnerability
2034| [800861] Microsoft Internet Explorer 'findText()' Unicode Parsing DoS Vulnerability
2035| [800845] Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
2036| [800829] Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability
2037| [800742] Microsoft Internet Explorer Unspecified vulnerability
2038| [800700] Microsoft GDIPlus PNG Infinite Loop Vulnerability
2039| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
2040| [800669] Microsoft Internet Explorer Denial Of Service Vulnerability - July09
2041| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
2042| [800505] Microsoft HTML Help Workshop buffer overflow vulnerability
2043| [800504] Microsoft Windows XP SP3 denial of service vulnerability
2044| [800481] Microsoft SharePoint Cross Site Scripting Vulnerability
2045| [800480] Microsoft Windows Media Player '.mpg' Buffer Overflow Vulnerability
2046| [800466] Microsoft Windows TLS/SSL Spoofing Vulnerability (977377)
2047| [800461] Microsoft Internet Explorer Information Disclosure Vulnerability (980088)
2048| [800442] Microsoft Windows GP Trap Handler Privilege Escalation Vulnerability
2049| [800429] Microsoft Internet Explorer Remote Code Execution Vulnerability (979352)
2050| [800382] Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability (967340)
2051| [800347] Microsoft Internet Explorer Clickjacking Vulnerability
2052| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
2053| [800337] Microsoft Internet Explorer NULL Pointer DoS Vulnerability
2054| [800332] Microsoft Windows Live Messenger Information Disclosure Vulnerability
2055| [800331] Microsoft Windows Live Messenger Client Version Detection
2056| [800328] Integer Overflow vulnerability in Microsoft Windows Media Player
2057| [800310] Microsoft Windows Media Services nskey.dll ActiveX BOF Vulnerability
2058| [800267] Microsoft GDIPlus Library File Integer Overflow Vulnerability
2059| [800218] Microsoft Money 'prtstb06.dll' Denial of Service vulnerability
2060| [800217] Microsoft Money Version Detection
2061| [800209] Microsoft Internet Explorer Version Detection (Win)
2062| [800208] Microsoft Internet Explorer Anti-XSS Filter Vulnerabilities
2063| [800083] Microsoft Outlook Express Malformed MIME Message DoS Vulnerability
2064| [800082] Microsoft SQL Server sp_replwritetovarbin() BOF Vulnerability
2065| [800023] Microsoft Windows Image Color Management System Code Execution Vulnerability (952954)
2066| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
2067| [102059] Microsoft Windows Vector Markup Language Buffer Overflow (938127)
2068| [102055] Microsoft Windows GDI Multiple Vulnerabilities (925902)
2069| [102053] Microsoft Windows Vector Markup Language Vulnerabilities (929969)
2070| [102015] Microsoft RPC Interface Buffer Overrun (KB824146)
2071| [101100] Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)
2072| [101017] Microsoft MS03-018 security check
2073| [101016] Microsoft MS03-022 security check
2074| [101015] Microsoft MS03-034 security check
2075| [101014] Microsoft MS00-078 security check
2076| [101012] Microsoft MS03-051 security check
2077| [101010] Microsoft Security Bulletin MS05-004
2078| [101009] Microsoft Security Bulletin MS06-033
2079| [101007] Microsoft dotNET version grabber
2080| [101006] Microsoft Security Bulletin MS06-056
2081| [101005] Microsoft Security Bulletin MS07-040
2082| [101004] Microsoft MS04-017 security check
2083| [101003] Microsoft MS00-058 security check
2084| [101000] Microsoft MS00-060 security check
2085| [100950] Microsoft DNS server internal hostname disclosure detection
2086| [100624] Microsoft Windows SMTP Server DNS spoofing vulnerability
2087| [100607] Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability
2088| [100596] Microsoft Windows SMTP Server MX Record Denial of Service Vulnerability
2089| [100283] Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability
2090| [100062] Microsoft Remote Desktop Protocol Detection
2091| [90024] Windows Vulnerability in Microsoft Jet Database Engine
2092| [80007] Microsoft MS00-06 security check
2093| [13752] Denial of Service (DoS) in Microsoft SMS Client
2094| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
2095| [11874] IIS Service Pack - 404
2096| [11808] Microsoft RPC Interface Buffer Overrun (823980)
2097| [11433] Microsoft ISA Server DNS - Denial Of Service (MS03-009)
2098| [11217] Microsoft's SQL Version Query
2099| [11177] Flaw in Microsoft VM Could Allow Code Execution (810030)
2100| [11146] Microsoft RDP flaws could allow sniffing and DOS(Q324380)
2101| [11142] IIS XSS via IDC error
2102| [11067] Microsoft's SQL Hello Overflow
2103| [11003] IIS Possible Compromise
2104| [10993] IIS ASP.NET Application Trace Enabled
2105| [10991] IIS Global.asa Retrieval
2106| [10936] IIS XSS via 404 error
2107| [10862] Microsoft's SQL Server Brute Force
2108| [10755] Microsoft Exchange Public Folders Information Leak
2109| [10732] IIS 5.0 WebDav Memory Leakage
2110| [10699] IIS FrontPage DoS II
2111| [10695] IIS .IDA ISAPI filter applied
2112| [10674] Microsoft's SQL UDP Info Query
2113| [10673] Microsoft's SQL Blank Password
2114| [10671] IIS Remote Command Execution
2115| [10667] IIS 5.0 PROPFIND Vulnerability
2116| [10661] IIS 5 .printer ISAPI filter applied
2117| [10657] NT IIS 5.0 Malformed HTTP Printer Request Header Buffer Overflow Vulnerability
2118| [10585] IIS FrontPage DoS
2119| [10576] Check for dangerous IIS default files
2120| [10575] Check for IIS .cnf file leakage
2121| [10573] IIS 5.0 Sample App reveals physical path of web root
2122| [10572] IIS 5.0 Sample App vulnerable to cross-site scripting attack
2123| [10537] IIS directory traversal
2124| [10492] IIS IDA/IDQ Path Disclosure
2125| [10491] ASP/ASA source using Microsoft Translate f: bug
2126| [10144] Microsoft SQL TCP/IP listener is running
2127|
2128| SecurityTracker - https://www.securitytracker.com:
2129| [1027751] Microsoft Internet Information Server (IIS) FTP Server Lets Remote Users Obtain Files and Local Users Obtain Passwords
2130| [1027223] Microsoft IIS Web Server Discloses Potentially Sensitive Information to Remote Users
2131| [1024921] Microsoft IIS FTP Server Lets Remote Users Deny Service
2132| [1024496] Microsoft Internet Information Server (IIS) Web Server Stack Overflow in Reading POST Data Lets Remote Users Deny Service
2133| [1023387] Microsoft Internet Information Services (IIS) Filename Extension Parsing Configuration Error May Let Users Bypass Security Controls
2134| [1022792] Microsoft Internet Information Server (IIS) FTP Server Buffer Overflows Let Remote Authenticated Users Execute Arbitrary Code and Deny Service
2135| [1016466] Microsoft Internet Information Server (IIS) Buffer Overflow in Processing ASP Pages Lets Remote Authenticated Users Execute Arbitrary Code
2136| [1015376] Microsoft IIS Lets Remote Users Deny Service or Execute Arbitrary Code With Malformed HTTP GET Requests
2137| [1015049] Microsoft Internet Explorer Drag-and-Drop Timing May Let Remote Users Install Arbitrary Files
2138| [1014777] Microsoft IIS ASP Error Page May Disclose System Information in Certain Cases
2139| [1011633] Microsoft IIS WebDAV XML Message Handler Error Lets Remote Users Deny Service
2140| [1010692] Microsoft IIS 4.0 Buffer Overflow in Redirect Function Lets Remote Users Execute Arbitrary Code
2141| [1010610] Microsoft IIS Web Server May Disclose Private IP Addresses in Certain Cases
2142| [1010079] Microsoft IIS ASP Script Cookie Processing Flaw May Disclose Application Information to Remote Users
2143| [1008563] Microsoft IIS Fails to Log HTTP TRACK Requests
2144| [1007262] Microsoft IIS 6.0 Vulnerabilities Permit Cross-Site Scripting and Password Changing Attacks Against Administrators
2145| [1007059] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Has Another Buffer Overflow That Lets Remote Execute Arbitrary Code
2146| [1006867] Microsoft IIS Buffer Overflow Lets Remote Users With Upload Privileges Execute Code - Remote Users Can Also Crash the Service
2147| [1006866] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Lets Remote Execute Arbitrary Code
2148| [1006704] Microsoft IIS Authentication Manager Discloses Validity of User Names to Remote Users
2149| [1006305] Microsoft IIS Web Server WebDAV Buffer Overflow Lets Remote Users Execute Arbitrary Code
2150| [1005505] Microsoft Internet Information Server (IIS) Script Access Control Bug May Let Remote Authenticated Users Upload Unauthorized Executable Files
2151| [1005504] Microsoft Internet Information Server (IIS) WebDAV Memory Allocation Flaw Lets Remote Users Crash the Server
2152| [1005503] Microsoft Internet Information Server (IIS) Administrative Pages Allow Cross-Site Scripting Attacks
2153| [1005502] Microsoft Internet Information Server (IIS) Out-of-Process Access Control Bug Lets Certain Authenticated Users Gain Full Control of the Server
2154| [1005083] Microsoft Internet Information Server (IIS) Web Server Fails to Properly Validate Client-side Certificates, Allowing Remote Users to Impersonate Other Users or Certificate Issuers
2155| [1004757] Microsoft IIS SMTP Service Encapsulation Bug Lets Remote Users Relay Mail and Send SPAM Via the Service
2156| [1004646] ColdFusion MX Buffer Overflow When Used With Microsoft Internet Information Server (IIS) Lets Remote Users Crash the IIS Web Server or Execute Arbitrary Code
2157| [1004526] Microsoft Internet Information Server (IIS) Heap Overflow in HTR ISAPI Extension While Processing Chunked Encoded Data Lets Remote Users Execute Arbitrary Code
2158| [1004044] Cisco CallManager Affected by Microsoft Internet Information Server (IIS) Bugs
2159| [1004032] Microsoft Internet Information Server (IIS) FTP STAT Command Bug Lets Remote Users Crash Both the FTP and the Web Services
2160| [1004031] Microsoft Internet Information Server (IIS) URL Length Bug Lets Remote Users Crash the Web Service
2161| [1004011] Microsoft Internet Information Server (IIS) Buffer Overflow in ASP Server-Side Include Function May Let Remote Users Execute Arbitrary Code on the Web Server
2162| [1004006] Microsoft Internet Information Server (IIS) Off-By-One Heap Overflow in .HTR Processing May Let Remote Users Execute Arbitrary Code on the Server
2163| [1003224] Microsoft Internet Information Server (IIS) Version 4 Lets Local Users Modify the Log File Undetected
2164| [1002778] Microsoft Internet Information Server (IIS) Lets Remote Users Create Bogus Web Log Entries
2165| [1002733] Microsoft IIS 4.0 Configuration Error May Allow Remote Users to Obtain Physical Directory Path Information
2166| [1002651] Microsoft Internet Information Server (IIS) May Disclose PHP Scripting Source Code
2167| [1002212] Microsoft IIS Web Server Contains Multiple Vulnerabilities That Allow Local Users to Gain System Privileges and Allow Remote Users to Cause the Web Server to Crash
2168| [1002161] Microsoft Internet Information Server (IIS) Web Server Discloses Internal IP Addresses or NetBIOS Host Names to Remote Users
2169| [1001818] Microsoft Internet Information Server (IIS) Web Server Discloses ASP Source Code When Installed on FAT-based Filesystem
2170| [1001576] eEye Digital Security's SecureIIS Application Firewall for Microsoft Web Servers Fails to Filter Certain Web URL Characters, Allowing Remote Users to Bypass the SecureIIS Firewall
2171| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
2172| [1001530] Microsoft IIS Web Server Allows Remote Users to Execute Commands on the Server Due to CGI Decoding Error
2173| [1001483] Microsoft IIS Web Server Lets Remote Users Restart the Web Server with Another Specially Crafted PROPFIND XML Command
2174| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
2175| [1001402] Microsoft IIS Web Server Can Be Effectively Shutdown By Certain Internal-Network Attacks When The Underlying OS Supports User Account Lockouts
2176| [1001116] Microsoft Personal Web Server Contains An Old Internet Information Server (IIS) Vulnerability Allowing Unauthorized Directory Listings and Possible Code Execution For Remote Users
2177| [1001050] Microsoft IIS 5.0 Web Server Can Be Restarted Remotely By Any User
2178| [1028908] Microsoft Active Directory Federation Services Discloses Account Information to Remote Users
2179| [1028905] (Microsoft Issues Fix for Exchange Server) Oracle Fusion Middleware Bugs Let Remote Users Deny Service and Access and Modify Data
2180| [1028904] (Microsoft Issues Fix for Exchange Server) Oracle PeopleSoft Products Bugs Let Remote Users Partially Access and Modify Data and Partially Deny Service
2181| [1028903] Microsoft Windows Unicode Scripts Processor Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2182| [1028902] Microsoft Internet Explorer Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
2183| [1028759] (Microsoft Issues Fix for Internet Explorer) Adobe Flash Player Buffer Overflows Let Remote Users Execute Arbitrary Code
2184| [1028756] Microsoft .NET Bug Lets Remote Users Execute Arbitrary Code and Bypass Security Restrictions
2185| [1028755] Microsoft Silverlight Null Pointer Dereference Lets Remote Users Execute Arbitrary Code
2186| [1028754] Microsoft Windows Defender Pathname Bug Lets Local Users Gain Elevated Privileges
2187| [1028752] Microsoft DirectShow GIF Image Processing Flaw Lets Remote Users Execute Arbitrary Code
2188| [1028751] Microsoft Office TrueType Font Parsing Flaw Lets Remote Users Execute Arbitrary Code
2189| [1028750] Microsoft Visual Studio .NET TrueType Font Parsing Flaw Lets Remote Users Execute Arbitrary Code
2190| [1028749] Microsoft Lync TrueType Font Parsing Flaw Lets Remote Users Execute Arbitrary Code
2191| [1028748] Microsoft Windows GDI+ TrueType Font Parsing Flaw Lets Remote Users Execute Arbitrary Code
2192| [1028745] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
2193| [1028651] Microsoft Internet Explorer Multiple Memory Corruption Bugs Let Remote Users Execute Arbitrary Code
2194| [1028650] Microsoft Office Buffer Overflow in PNG Image Processing Lets Remote Users Execute Arbitrary Code
2195| [1028560] Microsoft Visio Discloses Information to Remote Users
2196| [1028558] Microsoft .NET Flaws Let Remote Users Bypass Authentication and Bypass XML File Signature Verification
2197| [1028557] Microsoft Malware Protection Engine Flaw Lets Remote Users Execute Arbitrary Code
2198| [1028553] Microsoft Word RTF Shape Data Parsing Error Lets Remote Users Execute Arbitrary Code
2199| [1028552] Microsoft Publisher Multiple Bugs Let Remote Users Execute Arbitrary Code
2200| [1028551] Microsoft Lync Object Access Flaw Lets Remote Users Execute Arbitrary Code
2201| [1028550] Microsoft Office Communicator Object Access Flaw Lets Remote Users Execute Arbitrary Code
2202| [1028545] Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
2203| [1028514] Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code
2204| [1028412] Microsoft SharePoint Server Discloses Files to Remote Authenticated Users
2205| [1028411] Microsoft Office Web Apps Input Validation Flaw in Sanitization Component Permits Cross-Site Scripting Attacks
2206| [1028410] Microsoft InfoPath Input Validation Flaw in Sanitization Component Permits Cross-Site Scripting Attacks
2207| [1028409] Microsoft Groove Server Input Validation Flaw in Sanitization Component Permits Cross-Site Scripting Attacks
2208| [1028408] Microsoft SharePoint Input Validation Flaw in HTML Sanitization Component Permits Cross-Site Scripting Attacks
2209| [1028405] Microsoft Active Directory LDAP Processing Flaw Lets Remote Users Deny Service
2210| [1028404] Microsoft Antimalware Client Path Name Flaw Lets Local Users Gain Elevated Privileges
2211| [1028398] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
2212| [1028281] Microsoft Office for Mac HTML Loading Bug Lets Remote Users Obtain Potentially Sensitive Information
2213| [1028279] Microsoft OneNote Buffer Validation Flaw Lets Remote Users Obtain Potentially Sensitive Information
2214| [1028278] Microsoft SharePoint Input Validation Flaws Permit Cross-Site Scripting and Denial of Service Attacks
2215| [1028276] Microsoft Visio Viewer Tree Object Type Confusion Error Lets Remote Users Execute Arbitrary Code
2216| [1028275] Microsoft Internet Explorer Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
2217| [1028273] Microsoft Silverlight Memory Pointer Dereference Lets Remote Users Execute Arbitrary Code
2218| [1028123] Microsoft .NET Bug Lets Remote Users Execute Arbitrary Code and Bypass Security Restrictions
2219| [1028119] Microsoft DirectShow Media Decompression Flaw Lets Remote Users Execute Arbitrary Code
2220| [1028117] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Access Information Across Domains
2221| [1028116] Microsoft Internet Explorer Vector Markup Language Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2222| [1027949] Microsoft .NET Open Data (OData) Protocol Bug Lets Remote Users Deny Service
2223| [1027948] Microsoft System Center Configuration Manager Input Validation Flaws Permit Cross-Site Scripting Attacks
2224| [1027945] Microsoft .NET Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Bypass Security Restrictions
2225| [1027943] Microsoft XML Core Services (MSXML) XML Parsing Flaws Let Remote Users Execute Arbitrary Code
2226| [1027934] Microsoft Windows Includes Some Invalid TURKTRUST Certificates
2227| [1027930] Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code
2228| [1027870] Microsoft Internet Explorer Discloses Mouse Location to Remote Users
2229| [1027859] Microsoft DirectPlay Heap Overflow Lets Remote Users Execute Arbitrary Code
2230| [1027857] Microsoft Exchange Server RSS Feed Bug Lets Remote Users Deny Service
2231| [1027852] Microsoft Word RTF Parsing Error Lets Remote Users Execute Arbitrary Code
2232| [1027851] Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
2233| [1027753] Microsoft .NET Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Bypass Security Restrictions
2234| [1027752] Microsoft Excel Buffer Overflow, Memory Corruption, and Use-After-Free Errors Let Remote Users Execute Arbitrary Code
2235| [1027749] Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
2236| [1027647] EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords
2237| [1027629] Microsoft Office InfoPath HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
2238| [1027628] Microsoft Office Communicator HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
2239| [1027627] Microsoft Lync HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
2240| [1027626] Microsoft SharePoint HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
2241| [1027625] Microsoft Groove Server HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
2242| [1027623] Microsoft SQL Server Input Validation Flaw in Reporting Services Permits Cross-Site Scripting Attacks
2243| [1027621] Microsoft Works Heap Corruption Flaw Lets Remote Users Execute Arbitrary Code
2244| [1027620] Microsoft Kerberos Null Pointer Dereference Lets Remote Users Deny Service
2245| [1027618] Microsoft Word Memory Errors Let Remote Users Execute Arbitrary Code
2246| [1027555] Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
2247| [1027538] Microsoft Internet Explorer execCommand Flaw Lets Remote Users Execute Arbitrary Code
2248| [1027512] Microsoft System Center Configuration Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
2249| [1027511] Microsoft Visual Studio Team Foundation Server Input Validation Flaw Permits Cross-Site Scripting Attacks
2250| [1027394] Microsoft Visio Buffer Overflow in Processing DXF Format Files Lets Remote Users Execute Arbitrary Code
2251| [1027393] Microsoft Office CGM Graphics File Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2252| [1027392] Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code
2253| [1027390] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
2254| [1027389] Microsoft Visual Basic Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
2255| [1027385] Microsoft Visual FoxPro Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
2256| [1027384] Microsoft Host Integration Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
2257| [1027383] Microsoft Commerce Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
2258| [1027381] Microsoft SQL Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
2259| [1027380] Microsoft Office Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
2260| [1027295] Microsoft SharePoint Server Bugs in Oracle Outside In Libraries Let Remote Users Execute Arbitrary Code
2261| [1027294] Microsoft Exchange Server Bugs in Oracle Outside In Libraries Let Remote Users Execute Arbitrary Code
2262| [1027234] Microsoft Office for Mac Folder Permission Flaw Lets Local Users Gain Elevated Privileges
2263| [1027232] Microsoft SharePoint Input Validation Flaws Permit Cross-Site Scripting, Information Disclosure, and URL Redirection Attacks
2264| [1027229] Microsoft Office DLL Loading Error Lets Remote Users Execute Arbitrary Code
2265| [1027228] Microsoft Visual Basic for Applications DLL Loading Error Lets Remote Users Execute Arbitrary Code
2266| [1027227] Microsoft Data Access Components (MDAC) ADO Cachesize Buffer Overflow Lets Remote Users Execute Arbitrary Code
2267| [1027226] Microsoft Internet Explorer Deleted Object Access Bugs Let Remote Users Execute Arbitrary Code
2268| [1027157] Microsoft XML Core Services (MSXML) Object Access Error Lets Remote Users Execute Arbitrary Code
2269| [1027151] Microsoft Dynamics AX Input Validation Flaw Permits Cross-Site Scripting Attacks
2270| [1027150] Microsoft Lync DLL Loading Error Lets Remote Users Execute Arbitrary Code
2271| [1027149] Microsoft .NET Memory Access Bug Lets Remote Users Execute Arbitrary Code
2272| [1027147] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information
2273| [1027114] Microsoft Windows Includes Some Invalid Certificates
2274| [1027048] Microsoft .NET Bugs Let Remote Users Execute Arbitrary Code and Deny Service
2275| [1027043] Microsoft Windows Partition Manager Memory Allocation Error Lets Local Users Gain Elevated Privileges
2276| [1027042] Microsoft Visio Viewer Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2277| [1027041] Microsoft Office Excel File Memory Corruption Errors and Heap Overflows Let Remote Users Execute Arbitrary Code
2278| [1027040] Microsoft Silverlight Double Free Memory Error Lets Remote Users Execute Arbitrary Code
2279| [1027038] Microsoft GDI+ Bugs Let Remote Users Execute Arbitrary Code
2280| [1027036] Microsoft .NET Framework Serialization Bugs Let Remote Users Execute Arbitrary Code
2281| [1027035] Microsoft Word RTF Processing Flaw Lets Remote Users Execute Arbitrary Code
2282| [1026911] Microsoft Office WPS File Heap Overflow Lets Remote Users Execute Arbitrary Code
2283| [1026910] Microsoft Works WPS File Heap Overflow Lets Remote Users Execute Arbitrary Code
2284| [1026909] Microsoft Forefront Unified Access Gateway Bugs Let Remote Users Obtain Potentially Sensitive Information and Conduct Browser Redirection Attacks
2285| [1026907] Microsoft .NET Parameter Validation Flaw Lets Remote Users Execute Arbitrary Code
2286| [1026905] Microsoft BizTalk Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
2287| [1026904] Microsoft Visual Basic Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
2288| [1026903] Microsoft Visual FoxPro Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
2289| [1026902] Microsoft Commerce Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
2290| [1026901] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
2291| [1026900] Microsoft Office Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
2292| [1026899] Microsoft SQL Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
2293| [1026794] Microsoft DirectWrite Unicode Character Processing Flaw Lets Remote Users Deny Service
2294| [1026792] Microsoft Visual Studio Lets Local Users Gain Elevated Privileges
2295| [1026791] Microsoft Expression Design DLL Loading Error Lets Remote Users Execute Arbitrary Code
2296| [1026789] Microsoft DNS Server Lets Remote Users Deny Service
2297| [1026686] Microsoft SharePoint Input Validation Flaws Permit Cross-Site Scripting Attacks
2298| [1026685] Microsoft Windows Ancillary Function Driver Lets Local Users Gain Elevated Privileges
2299| [1026684] Microsoft Visio Viewer Multiple Bugs Let Remote Users Execute Arbitrary Code
2300| [1026681] Microsoft Silverlight Bugs Let Remote Users Execute Arbitrary Code
2301| [1026680] Microsoft .NET Bugs Let Remote Users Execute Arbitrary Code
2302| [1026677] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
2303| [1026499] Microsoft Anti-Cross Site Scripting Library Flaw May Permit Cross-Site Scripting Attacks
2304| [1026497] Microsoft Windows ClickOnce Feature Lets Remote Users Execute Arbitrary Code
2305| [1026479] Microsoft .NET Bugs Let Remote Users Execute Arbitrary Commands, Access User Accounts, and Redirect Users
2306| [1026469] Microsoft ASP.NET Hash Table Collision Bug Lets Remote Users Deny Service
2307| [1026416] Microsoft Office IME (Chinese) Lets Local Users Gain Elevated Privileges
2308| [1026414] Microsoft Publisher Multiple Errors Let Remote Users Execute Arbitrary Code
2309| [1026413] Microsoft Internet Explorer DLL Loading Error Lets Remote Users Execute Arbitrary Code and HTML Processing Bugs Let Remote Users Obtain Information
2310| [1026412] Microsoft Active Directory Memory Access Error Lets Remote Authenticated Users Execute Arbitrary Code
2311| [1026411] Microsoft PowerPoint DLL Loading and OfficeArt Object Processing Flaws Let Remote Users Execute Arbitrary Code
2312| [1026410] Microsoft Office Excel File Memory Error Lets Remote Users Execute Arbitrary Code
2313| [1026409] Microsoft Office Use-After-Free Bug Lets Remote Users Execute Arbitrary Code
2314| [1026408] Microsoft Internet Explorer Error in Microsoft Time Component Lets Remote Users Execute Arbitrary Code
2315| [1026294] Microsoft Active Directory CRL Validation Flaw Lets Remote Users Bypass Authentication
2316| [1026271] Microsoft Windows TrueType Font Parsing Flaw Lets Remote Users Execute Arbitrary Code
2317| [1026220] Microsoft Publisher 'Pubconv.dll' Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2318| [1026169] Microsoft Forefront Unified Access Gateway Input Validation Flaws Permits Cross-Site Scripting, HTTP Response Splitting, and Denial of Service Attacks
2319| [1026168] Microsoft Host Integration Server Bugs Let Remote Users Deny Service
2320| [1026167] Microsoft Windows Ancillary Function Driver Lets Local Users Gain Elevated Privileges
2321| [1026164] Microsoft Active Accessibility Component DLL Loading Error Lets Remote Users Execute Arbitrary Code
2322| [1026162] Microsoft .NET Inheritance Restriction Error Lets Remote Users Execute Arbitrary Code
2323| [1026161] Microsoft Silverlight Inheritance Restriction Error Lets Remote Users Execute Arbitrary Code
2324| [1026160] Microsoft Internet Explorer Multiple Flaws Let Remote Users Execute Arbitrary Code
2325| [1026103] Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions
2326| [1026041] Microsoft Windows Components DLL Loading Error Lets Remote Users Execute Arbitrary Code
2327| [1026040] Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting and Information Disclosure Attacks
2328| [1026039] Microsoft Office DLL Loading Error and Unspecified Bug Lets Remote Users Execute Arbitrary Code
2329| [1026038] Microsoft Excel Multiple Bugs Let Remote Users Execute Arbitrary Code
2330| [1026037] Microsoft Windows Internet Name Service (WINS) Input Validation Flaw in ECommEndDlg() Lets Local Users Gain Elevated Privileges
2331| [1025937] Microsoft Windows DHCPv6 Processing Flaw Lets Remote Denial of Service to RPC Services
2332| [1025905] Microsoft .NET Socket Trust Validation Error Lets Remote Users Obtain Information and Redirect Certain Network Traffic
2333| [1025903] Microsoft Visual Studio Input Validation Hole Permits Cross-Site Scripting Attacks
2334| [1025902] Microsoft ASP.NET Chart Control Remote File Disclosure
2335| [1025896] Microsoft Visio Memory Corruption Errors Let Remote Users Execute Arbitrary Code
2336| [1025895] Microsoft Data Access Components Insecure Library Loading Lets Remote Users Execute Arbitrary Code
2337| [1025894] Microsoft DNS Server Flaws Let Remote Users Execute Arbitrary Code and Deny Service
2338| [1025893] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
2339| [1025847] Microsoft Internet Explorer Flaw in Processing EUC-JP Encoded Characters Lets Remote Users Conduct Cross-Site Scripting Attacks
2340| [1025763] Microsoft Visio May Load DLLs Unsafely and Remotely Execute Arbitrary Code
2341| [1025760] Microsoft Windows Bluetooth Stack Memory Access Error Lets Remote Users Execute Arbitrary Code
2342| [1025675] Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary Code
2343| [1025655] Microsoft MHTML Input Validation Hole Permits Cross-Site Scripting Attacks
2344| [1025654] Microsoft Internet Explorer Vector Markup Language (VML) Object Access Error Lets Remote Users Execute Arbitrary Code
2345| [1025653] Microsoft Active Directory Input Validation Flaw in Certificate Services Web Enrollment Permits Cross-Site Scripting Attacks
2346| [1025649] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
2347| [1025648] Microsoft SQL Server XML Editor External Entity Resolution Flaw Lets Remote Users Obtain Potentially Sensitive Information
2348| [1025647] Microsoft Visual Studio XML Editor External Entity Resolution Flaw Lets Remote Users Obtain Potentially Sensitive Information
2349| [1025646] Microsoft Office InfoPath XML Editor External Entity Resolution Flaw Lets Remote Users Obtain Potentially Sensitive Information
2350| [1025644] Microsoft Hyper-V VMBus Packet Validation Flaw Lets Local Users Deny Service
2351| [1025643] Microsoft Windows Ancillary Function Driver Lets Local Users Gain Elevated Privileges
2352| [1025642] Microsoft Excel Multiple Bugs Let Remote Users Execute Arbitrary Code
2353| [1025641] Microsoft .NET JIT Compiler Validation Flaw Lets Remote Users Execute Arbitrary Code
2354| [1025639] Microsoft Distributed File System Bugs Let Remote Users Deny Service and Execute Arbitrary Code
2355| [1025637] Microsoft Forefront Threat Management Gateway Bounds Validation Flaw in Winsock Provider Lets Remote Users Execute Arbitrary Code
2356| [1025636] Microsoft .NET Array Offset Error Lets Remote Users Execute Code
2357| [1025635] Microsoft Silverlight Array Offset Error Lets Remote Users Execute Arbitrary Code
2358| [1025634] Microsoft Windows OLE Automation Underflow Lets Remote Users Execute Arbitrary Code
2359| [1025513] Microsoft PowerPoint Memory Corruption Errors Let Remote Users Execute Arbitrary Code
2360| [1025512] Microsoft Windows Internet Name Service Socket Send Exception Handling Bug Lets Remote Users Execute Arbitrary Code
2361| [1025360] Microsoft Reader Memory Corruption Errors Let Remote Users Execute Arbitrary Code
2362| [1025359] Microsoft MHTML Stack Overflow Lets Remote Users Execute Arbitrary Code
2363| [1025347] Microsoft Fax Cover Page Editor Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2364| [1025346] Microsoft Foundation Classes May Load DLLs Unsafely and Remotely Execute Arbitrary Code
2365| [1025344] Microsoft WordPad Parsing Error Lets Remote Users Execute Arbitrary Code
2366| [1025343] Microsoft Office DLL Loading and Graphic Object Processing Flaws Let Remote Users Execute Arbitrary Code
2367| [1025340] Microsoft PowerPoint Bugs Let Remote Users Execute Arbitrary Code
2368| [1025337] Microsoft Excel Multiple Bugs Let Remote Users Execute Arbitrary Code
2369| [1025335] Microsoft GDI+ EMF Image Integer Overflow Lets Remote Users Execute Arbitrary Code
2370| [1025334] Microsoft OpenType Compact Font Format (CFF) Driver Stack Overflow Lets Remote Users Execute Arbitrary Code
2371| [1025333] Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code
2372| [1025331] Microsoft .NET Stack Corruption Error in JIT Compiler Lets Remote Users Execute Arbitrary Code
2373| [1025330] Microsoft WMITools and Windows Messenger ActiveX Controls Let Remote Users Execute Arbitrary Code
2374| [1025327] Microsoft Internet Explorer Bugs Let Remote Users Obtain Potentially Sensitive Information, Execute Arbitrary Code, and Hijack User Clicks
2375| [1025312] Microsoft Windows Kernel Bug in AFD.sys Lets Local Users Deny Service
2376| [1025248] Microsoft Windows Includes Some Invalid Comodo Certificates
2377| [1025171] Microsoft Groove DLL Loading Error Lets Remote Users Execute Arbitrary Code
2378| [1025170] Microsoft DirectShow DLL Loading Error Lets Remote Users Execute Arbitrary Code
2379| [1025164] Microsoft Internet Explorer Lets Remote Users Spoof the Address Bar
2380| [1025117] Microsoft Malware Protection Engine Registry Processing Error Lets Local Users Gain Elevated Privileges
2381| [1025086] Microsoft Active Directory Heap Overflow in Processing BROWSER ELECTION Packets May Let Remote Users Execute Arbitrary Code
2382| [1025049] Microsoft Local Security Authority Subsystem Service (LSASS) Lets Local Users Gain Elevated Privileges
2383| [1025044] Microsoft JScript and VBScript Disclose Information to Remote Users
2384| [1025043] Microsoft Visio Memory Corruption Error in Processing Visio Files Lets Remote Users Execute Arbitrary Code
2385| [1025042] Microsoft Active Directory SPN Collosions May Let Remote Authenticated Users Deny Service
2386| [1025038] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
2387| [1025003] Microsoft MHTML Input Validation Hole May Permit Cross-Site Scripting Attacks
2388| [1024947] Microsoft Data Access Components (MDAC) Memory Corruption Errors in Processing DSN Data and ADO Records Let Remote Users Execute Arbitrary Code
2389| [1024940] Microsoft Internet Explorer Use-After-Free in 'mshtml.dll' May Let Remote Users Execute Arbitrary Code
2390| [1024925] Microsoft Fax Cover Page Editor Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2391| [1024922] Microsoft Internet Explorer Recursive CSS Import Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2392| [1024888] Microsoft Exchange Server RPC Processing Flaw Lets Remote Authenticated Users Deny Service
2393| [1024887] Microsoft Office Graphics Filters Let Remote Users Execute Arbitrary Code
2394| [1024886] Microsoft SharePoint Input Validation Flaw in Processing SOAP Requests Let Remote Users Execute Arbitrary Code
2395| [1024885] Microsoft Publisher Bugs Let Remote Users Execute Arbitrary Code
2396| [1024884] Microsoft Hyper-V Input Validation Flaw Lets Local Guest Operating System Users Deny Service
2397| [1024879] Microsoft Windows Internet Connection Signup Wizard May Load DLLs Unsafely and Remotely Execute Arbitrary Code
2398| [1024877] Microsoft Windows May Load DLLs Unsafely and Remotely Execute Arbitrary Code
2399| [1024874] Microsoft Windows Task Scheduler Lets Local Users Gain Elevated Privileges
2400| [1024872] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Domain Attacks
2401| [1024790] Microsoft Outlook Attachment Processing Flaw Lets Remote Users Deny Service
2402| [1024707] Microsoft Forefront Unified Access Gateway Input Validation Flaws Permit Cross-Site Scripting and URL Redirection Attacks
2403| [1024706] Microsoft PowerPoint Bugs Let Remote Users Execute Arbitrary Code
2404| [1024705] Microsoft Office Flaws Let Remote Users Execute Arbitrary Code
2405| [1024676] Microsoft Internet Explorer Freed Object Invalid Flag Reference Access Lets Remote Users Execute Arbitrary Code
2406| [1024630] Microsoft Internet Explorer 'window.onerror' Callback Lets Remote Users Obtain Information From Other Domains
2407| [1024559] Microsoft SharePoint Input Validation Hole in SafeHTML Permits Cross-Site Scripting Attacks
2408| [1024558] Microsoft Cluster Service Disk Permission Flaw Lets Local Users Gain Elevated Privileges
2409| [1024557] Microsoft Foundation Classes Library Buffer Overflow in Window Title Lets Remote Users Execute Arbitrary Code
2410| [1024552] Microsoft Office Excel Has Multiple Flaws That Let Remote Users Execute Arbitrary Code
2411| [1024551] Microsoft Office Word Processing Flaws Let Remote Users Execute Arbitrary Code
2412| [1024546] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code, Obtain Information, and Conduct Cross-Site Scripting Attacks
2413| [1024543] Microsoft .NET Framework JIT Compiler Memory Access Error Lets Remote Users Execute Arbitrary Code
2414| [1024459] Microsoft ASP.NET Padding Oracle Attack Lets Remote Users Decrypt Data
2415| [1024445] Microsoft Outlook Web Access Authentication Flaw Lets Remote Users Hijack User Sessions
2416| [1024443] Microsoft Local Security Authority Subsystem Service (LSASS) Heap Overflow Lets Remote Authenticated Users Execute Arbitrary Code
2417| [1024442] Microsoft WordPad Parsing Error in Text Converters Lets Remote Users Execute Arbitrary Code
2418| [1024441] Microsoft Windows RPC Memory Allocation Error Lets Remote Users Execute Arbitrary Code
2419| [1024440] Microsoft Internet Information Services Bugs Let Remote Users Bypass Authentication, Deny Service, and Execute Arbitrary Code
2420| [1024439] Microsoft Outlook Heap Overflow Lets Remote Users Execute Arbitrary Code
2421| [1024438] Microsoft Office Unicode Font Parsing in USP10.DLL Lets Remote Users Execute Arbitrary Code
2422| [1024312] Microsoft Windows Tracing Feature for Services Lets Local Users Gain Elevated Privileges
2423| [1024310] Microsoft Office Excel Flaw Lets Remote Users Execute Arbitrary Code
2424| [1024306] Microsoft Silverlight Memory Corruption Errors Let Remote Users Execute Arbitrary Code
2425| [1024305] Microsoft .NET Framework Virtual Method Delegate Processing Error Lets Remote Users Execute Arbitrary Code
2426| [1024304] Microsoft Cinepak Codec Memory Pointer Error Lets Remote Users Execute Arbitary Code
2427| [1024303] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Domain Attacks
2428| [1024302] Microsoft MPEG Layer-3 Codecs Stack Overflow Lets Remote Users Execute Arbitary Code
2429| [1024301] Microsoft XML Core Services (MSXML) HTTP Response Processing Flaw Lets Remote Users Execute Arbitrary Code
2430| [1024298] Microsoft Office Word RTF, Word, and HTML Processing Errors Let Remote Users Execute Arbitrary Code
2431| [1024216] Microsoft Windows Shell LNK Shortcut Processing Flaw Lets Users Execute Arbitrary Code
2432| [1024189] Microsoft Office Outlook Validation Error in Processing Attachments Lets Remote Users Execute Arbitrary Code
2433| [1024188] Microsoft Office Access ActiveX Controls Let Remote Users Execute Arbitrary Code
2434| [1024084] Microsoft Help and Support Center URL Escaping Flaw Lets Remote Users Execute Arbitrary Commands
2435| [1024080] Microsoft .NET XML Digital Signature Flaw May Let Remote Users Bypass Authentication
2436| [1024079] Microsoft Internet Information Services Memory Allocation Error Lets Remote Authenticated Users Execute Arbitrary Code
2437| [1024078] Microsoft SharePoint Input Validation Flaw in toStaticHTML API Permits Cross-Site Scripting Attacks
2438| [1024077] Microsoft SharePoint Help Page Processing Bug Lets Remote Users Deny Service
2439| [1024076] Microsoft Office Excel Has Multiple Flaws That Let Remote Users Execute Arbitrary Code
2440| [1024075] Microsoft Office Open XML File Format Converter for Mac Lets Local Users Gain Elevated Privileges
2441| [1024073] Microsoft Office COM Object Instantiation Error Lets Remote Users Execute Arbitrary Code
2442| [1024070] Microsoft Internet Explorer 8 Developer Tools ActiveX Control Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2443| [1024068] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
2444| [1023975] Microsoft Office Memory Corruption Error in VBE6.DLL Lets Remote Users Execute Arbitrary Code
2445| [1023974] Microsoft Visual Basic for Applications Memory Corruption Error in VBE6.DLL Lets Remote Users Execute Arbitrary Code
2446| [1023972] Microsoft Outlook Express Integer Overflow in Processing POP3/IMAP Responses Lets Remote Users Execute Arbitrary Code
2447| [1023938] Microsoft Office Visio Buffer Overflow in Processing DXF Files Lets Remote Users Execute Arbitrary Code
2448| [1023932] Microsoft Office SharePoint Input Validation Flaw in 'help.aspx' Permits Cross-Site Scripting Attacks
2449| [1023856] Microsoft Visio Index Calculation and Attribute Validation Flaws Let Remote Users Execute Code
2450| [1023855] Microsoft Exchange May Disclose Message Fragments to Remote Users
2451| [1023854] Microsoft Exchange Error in Parsing MX Records Lets Remote Users Deny Service
2452| [1023853] Microsoft Office Publisher TextBox Processing Buffer Overflow Lets Remote Users Execute Arbitrary Code
2453| [1023848] Microsoft MPEG Layer-3 Codecs Stack Overflow Lets Remote Users Execute Arbitary Code
2454| [1023773] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
2455| [1023720] Microsoft Virtual PC/Server Lets Local Users Gain Elevated Privileges
2456| [1023699] Microsoft Internet Explorer Invalid Pointer Reference Lets Remote Users Execute Arbitrary Code
2457| [1023698] Microsoft Office Excel Bugs Let Remote Users Execute Arbitrary Code
2458| [1023571] Microsoft Windows Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks
2459| [1023567] Microsoft Hyper-V Instruction Validation Bug Lets Local Users Deny Service
2460| [1023566] Microsoft Windows Kerberos Ticket-Granting-Ticket Processing Flaw Lets Remote Authenticated Users Deny Service
2461| [1023565] Microsoft Office Buffer Overflow in 'MSO.DLL' Lets Remote Users Execute Arbitrary Code
2462| [1023564] Microsoft Paint Integer Overflow Lets Remote Users Execute Arbitrary Code
2463| [1023563] Microsoft PowerPoint Buffer Overflows and Memory Errors Let Remote Users Execute Arbitrary Code
2464| [1023562] Microsoft DirectShow Heap Overflow Lets Remote Users Execute Arbitrary Code
2465| [1023560] Microsoft Internet Explorer Flaw in Microsoft Data Analyzer ActiveX Control Lets Remote Users Execute Arbitrary Code
2466| [1023542] Microsoft Internet Explorer Discloses Known Files to Remote Users
2467| [1023495] Microsoft Internet Explorer and Windows OS Shell Handler URL Validation Flaw Lets Remote Users Execute Arbitrary Code
2468| [1023494] Microsoft Internet Explorer Cross-Site Scripting Filter Can Be Bypassed
2469| [1023493] Microsoft Internet Explorer Multiple Memory Access Flaws Let Remote Users Execute Arbitrary Code
2470| [1023462] Microsoft Internet Explorer Invalid Pointer Reference Lets Remote Users Execute Arbitrary Code
2471| [1023432] Microsoft Embedded OpenType Font Engine Integer Overflow Lets Remote Users Execute Arbitrary Code
2472| [1023301] Microsoft Internet Explorer Indeo Codec Bugs Let Remote Users Execute Arbitrary Code
2473| [1023297] Microsoft Local Security Authority Subsystem Service Validation Flaw Lets Remote Users Deny Service
2474| [1023296] Microsoft Active Directory Federation Services Lets Remote Authenticated Users Execute Arbitrary Code and Spoof Web Sites
2475| [1023294] Microsoft Office Word and WordPad Text Converter Memory Errors Let Remote Users Execute Arbitrary Code
2476| [1023293] Microsoft Internet Explorer Memory Access Flaws Let Remote Users Execute Arbitrary Code
2477| [1023292] Microsoft Office Publisher Memory Allocation Validation Flaw Lets Remote Users Execute Arbitrary Code
2478| [1023291] Microsoft Internet Authentication Service Bugs Let Remote Authenticated Users Execute Arbitrary Code or Gain Privileges of the Target User
2479| [1023233] Microsoft Internet Explorer Discloses Local Path Names When Printing Local HTML Files to PDF Files
2480| [1023226] Microsoft Internet Explorer Invalid Pointer Reference in getElementsByTagName() Method Lets Remote Users Execute Arbitrary Code
2481| [1023158] Microsoft Word Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2482| [1023157] Microsoft Excel Bugs Let Remote Users Execute Arbitrary Code
2483| [1023156] Microsoft Active Directory Stack Memory Consumption Flaw Lets Remote Users Deny Service
2484| [1023154] Microsoft License Logging Service Buffer Overflow Lets Remote Users Execute Arbitrary Code
2485| [1023153] Microsoft Web Services on Devices API (WSDAPI) Validation Error Lets Remote Users Execute Arbitrary Code
2486| [1023013] Microsoft Crypto API NULL Character Flaw in Common Name Field and ASN.1 Integer Overflow Lets Remote Users Spoof Certficiates
2487| [1023011] Microsoft Indexing Service ActiveX Control Lets Remote Users Execute Arbitrary Code
2488| [1023010] Microsoft Local Security Authority Subsystem Service (LSASS) Integer Underflow Lets Local Users Deny Service
2489| [1023009] Microsoft Silverlight Memory Modification Flaw Lets Remote Users Execute Arbitrary Code
2490| [1023008] Microsoft .NET Bugs Let Remote Users Execute Arbitrary Code
2491| [1023006] Microsoft GDI+ Overflows Let Remote Users Execute Arbitrary Code
2492| [1023002] Microsoft Internet Explorer Flaws Let Remote Users Execute Arbitrary Code
2493| [1022846] Microsoft Wireless LAN AutoConfig Service Heap Overflow Lets Remote Wireless Users Execute Arbitrary Code
2494| [1022843] Microsoft DHTML Editing Component ActiveX Control Lets Remote Users Execute Arbitrary Code
2495| [1022842] Microsoft JScript Scripting Engine Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2496| [1022716] Microsoft Telnet NTLM Credential Reflection Flaw Lets Remote Users Gain Access
2497| [1022715] Microsoft ASP.NET Request Scheduling Flaw Lets Remote Users Deny Service
2498| [1022712] Microsoft Active Template Library (ATL) Bugs Let Remote Users Execute Arbitrary Code
2499| [1022710] Microsoft Windows Internet Name Service (WINS) Buffer Overflows Let Remote Users Execute Arbitrary Code
2500| [1022708] Microsoft Office Web Components Buffer Overflows in ActiveX Control Let Remote Users Execute Arbitrary Code
2501| [1022611] Microsoft Internet Explorer Memory Corruption Bugs Let Remote Users Execute Arbitrary Code
2502| [1022610] Microsoft Visual Studio Active Template Library Bugs Let Remote Users Execute Arbitrary Code
2503| [1022547] Microsoft Internet Security and Acceleration Server OTP Authentication Bug Lets Remote Users Access Resources
2504| [1022546] Microsoft Office Publisher Pointer Dereference Bug Lets Remote Users Execute Arbitrary Code
2505| [1022545] Microsoft DirectX DirectShow Validation Bugs Let Remote Users Execute Arbitrary Code
2506| [1022544] Microsoft Virtual PC/Server Lets Local Users Gain Elevated Privileges Within a Guest Operating System
2507| [1022535] Microsoft Office Web Components Bug in Spreadsheet ActiveX Control Lets Remote Users Execute Arbitrary Code
2508| [1022514] Microsoft DirectShow Buffer Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code
2509| [1022369] Microsoft PowerPoint Buffer Overflow in Freelance Translator Lets Remote Users Execute Arbitrary Code
2510| [1022358] Microsoft Internet Information Services WebDAV Bug Lets Remote Users Bypass Authentication
2511| [1022356] Microsoft Word Buffer Overflows Let Remote USers Execute Arbitrary Code
2512| [1022355] Microsoft Office Works Document Converter Bug Lets Remote Users Execute Arbitrary Code
2513| [1022354] Microsoft Works Document Converter Bug Lets Remote Users Execute Arbitrary Code
2514| [1022351] Microsoft Excel Bugs Let Remote Users Execute Arbitrary Code
2515| [1022350] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
2516| [1022349] Microsoft Active Directory Bugs Let Remote Users Execute Arbitrary Code or Deny Service
2517| [1022330] Microsoft Windows Bug in SETDESKWALLPAPER and GETDESKWALLPAPER Calls Let Local Users Deny Service
2518| [1022299] Microsoft DirectX Bug in DirectShow QuickTime Parser Lets Remote Users Execute Arbitrary Code
2519| [1022240] Microsoft Internet Information Server WebDAV Input Validation Flaw Lets Remote Users Execute Arbitrary Code
2520| [1022205] Microsoft PowerPoint Has Multiple Buffer Overflows and Memory Corruption Bugs That Let Remote Users Execute Arbitrary Code
2521| [1022047] Microsoft Windows SearchPath Function May Let Remote Users Execute Arbitrary Code
2522| [1022046] Microsoft ISA Server Input Validation Flaw in 'cookieauth.dll' Permits Cross-Site Scripting Attacks
2523| [1022045] Microsoft ISA Server TCP State Error Lets Remote Users Deny Service
2524| [1022044] Microsoft Windows Privilege Separation and Access Control Bugs Let Local Users Gain Elevated Privileges
2525| [1022043] Microsoft WordPad and Office Text Converter Bugs Let Remote Users Execute Arbitrary Code
2526| [1022042] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
2527| [1022040] Microsoft DirectX Bug in Decompressing DirectShow MJPEG Content Lets Remote Users Execute Arbitrary Code
2528| [1022039] Microsoft Excel Malformed Object Memory Corruption Bug Lets Remote Users Execute Arbitrary Code
2529| [1021967] Microsoft Office PowerPoint Invalid Object Access Bug Lets Remote Users Execute Arbitrary Code
2530| [1021880] Microsoft Internet Explorer Unspecified Bug Lets Remote Users Execute Arbitrary Code
2531| [1021831] Microsoft DNS Server Bugs Let Remote Users Spoof the DNS Service
2532| [1021830] Microsoft DNS Server Registration Validation Flaw Lets Remote Users Conduct Spoofing Attacks
2533| [1021829] Microsoft WINS Server Registration Validation Flaw Lets Remote Users Conduct Spoofing Attacks
2534| [1021744] Microsoft Excel Invalid Object Access Flaw Lets Remote Users Execute Arbitrary Code
2535| [1021702] Microsoft Visio Bugs Let Remote Users Execute Arbitrary Code
2536| [1021701] Microsoft Exchange MAPI Command Literal Processing Bug Lets Remote Users Deny Service
2537| [1021700] Microsoft Exchange Memory Corruption Error in Decoding TNEF Data Lets Remote Users Execute Arbitrary Code
2538| [1021699] Microsoft Internet Explorer Bugs in Handling CSS Sheets and Deleted Objects Lets Remote Users Execute Arbitrary Code
2539| [1021629] Microsoft Windows Guidelines for Disabling AutoRun are Ineffective and May Permit Code Execution
2540| [1021490] Microsoft SQL Server Heap Overflow Lets Remote Authenticated Users Execute Arbitrary Code
2541| [1021381] Microsoft Internet Explorer DHTML Data Binding Invalid Pointer Reference Bug Lets Remote Users Execute Arbitrary Code
2542| [1021376] Microsoft WordPad Word 97 Text Converter Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2543| [1021371] Microsoft Internet Explorer HTML Processing Bugs Let Remote Users Execute Arbitrary Code
2544| [1021370] Microsoft Word Memory Corruption Errors Let Remote Users Execute Arbitrary Code
2545| [1021369] Microsoft Visual Basic DataGrid/FlexGrid/Heirarchival FlexGrid/Windows Common/Charts ActiveX Controls Let Remote Users Execute Arbitrary Code
2546| [1021368] Microsoft Excel Formula, Object, and Global Array Bugs Let Remote Users Execute Arbitrary Code
2547| [1021367] Microsoft Office SharePoint Server Access Control Flaw Lets Remote Users Gain Administrative Access
2548| [1021365] Microsoft GDI Buffer Overflows in Processing WMF Files Lets Remote Users Execute Arbitrary Code
2549| [1021363] Microsoft SQL Server Memory Overwrite Bug in sp_replwritetovarbin May Let Remote Users Execute Arbitrary Code
2550| [1021294] Microsoft Office Communicator VoIP Processing Bugs Let Remote Users Deny Service
2551| [1021164] Microsoft XML Core Services (MSXML) Bugs Let Remote Users Obtain Information and Execute Arbitrary Code
2552| [1021053] Microsoft Ancillary Function Driver 'afd.sys' Lets Local Users Gain Elevated Privileges
2553| [1021052] Microsoft Message Queuing (MSMQ) Heap Overflow Lets Remote Users Execute Arbitrary Code
2554| [1021047] Microsoft Internet Explorer Flaws Permit Cross-Domain Scripting Attacks and Let Remote Users Execute Arbitrary Code
2555| [1021045] Microsoft Office CDO Protocol Bug Lets Remote Users Execute Arbitrary Scripting Code
2556| [1021044] Microsoft Excel Object, Calendar, and Formula Bugs Let Remote Users Execute Arbitrary Code
2557| [1021043] Microsoft Host Integration Server RPC Buffer Overflow Lets Remote Users Execute Arbitrary Code
2558| [1021042] Microsoft Active Directory LDAP Memory Allocation Error Lets Remote Users Execute Arbitrary Code
2559| [1021020] Cisco Unity Bug in Microsoft API Lets Remote Users Deny Service
2560| [1021018] Microsoft Digital Image 'PipPPush.DLL' ActiveX Control Lets Remote Users Access Files
2561| [1020838] Microsoft GDI+ Integer Overflow in Processing BMP Files Lets Remote Users Execute Arbitrary Code
2562| [1020837] Microsoft GDI+ Buffer Overflow in Processing WMF Files Lets Remote Users Execute Arbitrary Code
2563| [1020836] Microsoft GDI+ Bug in Processing GIF Image Files Lets Remote Users Execute Arbitrary Code
2564| [1020835] Microsoft GDI+ Memory Corruption Error in Processing EMF Image Files Lets Remote Users Execute Arbitrary Code
2565| [1020834] Microsoft GDI+ Heap Overflow in Processing Gradient Sizes Lets Remote Users Execute Arbitrary Code
2566| [1020833] Microsoft Office OneNote Buffer Overflow Lets Remote Users Execute Arbitrary Code
2567| [1020679] Microsoft Outlook Express MTHML Redirect Bug Lets Remote Users Obtain Information
2568| [1020678] Microsoft Windows IPSec Policy May Not Be Enforced in Certain Cases
2569| [1020677] Microsoft Windows Event System Bugs Let Remote Authenticated Users Execute Arbitrary Code
2570| [1020676] Microsoft PowerPoint Memory Errors Let Remote Users Execute Arbitrary Code
2571| [1020675] Microsoft Color Management Module Heap Overflow Lets Remote Users Execute Arbitrary Code
2572| [1020674] Microsoft Internet Explorer Multiple Bugs Let Remote Users Execute Arbitrary Code
2573| [1020673] Microsoft Office Format Filter Bugs Let Remote Users Execute Arbitrary Code
2574| [1020672] Microsoft Excel Input Validation Bug in Parsing Records Lets Remote Users Execute Arbitrary Code
2575| [1020671] Microsoft Excel Input Validation Bug in Processing Array Index Values Lets Remote Users Execute Arbitrary Code
2576| [1020670] Microsoft Excel Input Validation Bug in Processing Index Values Lets Remote Users Execute Arbitrary Code
2577| [1020669] Microsoft Excel Credential Caching Bug Lets Local Users Gain Access to Remote Data Sources
2578| [1020607] Mac OS X Quick Look Buffer Overflow in Downloading Microsoft Office Files Lets Remote Users Execute Arbitrary Code
2579| [1020447] Microsoft Word Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2580| [1020446] Microsoft Windows AutoRun Bug May Let Users Execute Arbitrary Code
2581| [1020441] Microsoft SQL Server Bugs Let Remote Authenticated Users Obtain Information and Execute Arbitrary Code
2582| [1020439] Microsoft Outlook Web Access for Exchange Server Input Validation Bugs Permit Cross-Site Scripting Attacks
2583| [1020433] Microsoft Access Snapshot Viewer ActiveX Control Lets Remote Users Download Files to Arbitrary Locations
2584| [1020382] Microsoft Internet Explorer Lets Remote Users Conduct Cross-Domain Scripting Attacks
2585| [1020232] Microsoft Speech API Lets Remote Users Execute Arbitrary Commands
2586| [1020229] Microsoft Active Directory LDAP Validation Bug Lets Remote Users Deny Service
2587| [1020228] Microsoft WINS Data Structure Validation Bug Lets Local Users Gain Elevated Privileges
2588| [1020226] Microsoft Internet Explorer HTTP Request Header Bug May Let Remote Users Obtain Information in a Different Domain
2589| [1020225] Microsoft Internet Explorer Bug in Processing Method Calls Lets Remote Users Execute Arbitrary Code
2590| [1020223] Microsoft DirectX SAMI File Validation Bug Lets Remote Users Execute Arbitrary Code
2591| [1020222] Microsoft DirectX MJPEG Stream Error Handling Bug Lets Remote Users Execute Arbitrary Code
2592| [1020016] Microsoft Malware Protection Engine Lets Remote Users Deny Service
2593| [1020015] Microsoft Publisher Bug in Processing Object Header Data Lets Remote Users Execute Arbitrary Code
2594| [1020014] Microsoft Word Memory Error in Processing CSS Values Lets Remote Users Execute Arbitrary Code
2595| [1020013] Microsoft Word Memory Error in Processing RTF Files Lets Remote Users Execute Arbitrary Code
2596| [1020006] Microsoft Windows XP 'i2omgmt.sys' Input Validation Flaw Lets Local Users Gain Elevated Privileges
2597| [1019804] Microsoft Visio Lets Remote Users Execute Arbitrary Code
2598| [1019801] Microsoft Internet Explorer Data Stream Processing Bug Lets Remote Users Execute Arbitrary Code
2599| [1019800] Microsoft Internet Explorer 'hxvz.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code
2600| [1019798] Microsoft GDI Buffer Overflow in Processing EMF and WMF Files Lets Remote Users Execute Arbitrary Code
2601| [1019797] Microsoft Project Memory Error Lets Remote Users Execute Arbitrary Code
2602| [1019738] Microsoft Office S/MIME Processing Lets Remote Users Access Arbitrary URLs
2603| [1019736] Microsoft Outlook S/MIME Processing Lets Remote Users Access Arbitrary URLs
2604| [1019686] Microsoft Jet Database Buffer Overflow in 'msjet40.dll' Lets Remote Users Execute Arbitrary Code via Word Documents
2605| [1019587] Microsoft Excel Input Validation Bug in Processing Conditional Formatting Values Lets Remote Users Execute Arbitrary Code
2606| [1019586] Microsoft Excel Input Validation Bug in Processing Rich Text Data Lets Remote Users Execute Arbitrary Code
2607| [1019585] Microsoft Excel Formula Parsing Error Lets Remote Users Execute Arbitrary Code
2608| [1019584] Microsoft Excel Input Validation Bug in Processing Style Record Data Lets Remote Users Execute Arbitrary Code
2609| [1019583] Microsoft Excel Flaw in Importing '.slk' Files Lets Remote Users Execute Arbitrary Code
2610| [1019582] Microsoft Excel Input Validation Bug in Processing Data Validation Records Lets Remote Users Execute Arbitrary Code
2611| [1019581] Microsoft Office Web Components DataSource Bug Lets Remote Users Execute Arbitrary Code
2612| [1019580] Microsoft Office Web Components URL Parsing Bug Lets Remote Users Execute Arbitrary Code
2613| [1019579] Microsoft Outlook 'mailto:' URL Validation Flaw Lets Remote Users Execute Arbitrary Code
2614| [1019578] Microsoft Office and Excel Memory Corruption Bugs Let Remote Users Execute Arbitrary Code
2615| [1019388] Microsoft Works/Microsoft Office Bug in Processing '.wps' Field Length Values Lets Remote Users Execute Arbitrary Code
2616| [1019387] Microsoft Works/Microsoft Office Bug in Processing '.wps' Header Index Table Lets Remote Users Execute Arbitrary Code
2617| [1019386] Microsoft Works/Microsoft Office Bug in Processing '.wps' File Section Length Headers Lets Remote Users Execute Arbitrary Code
2618| [1019385] Microsoft Internet Information Services Error in Processing ASP Page Input Lets Remote Users Execute Arbitrary Code
2619| [1019384] Microsoft Internet Information Services File Change Notification Bug Lets Local Users Gain Elevated Privileges
2620| [1019381] Microsoft Internet Explorer Argument Validation Flaw in 'dxtmsft.dll' Lets Remote Users Execute Arbitrary Code
2621| [1019380] Microsoft Internet Explorer Property Method Processing Bug Lets Remote Users Execute Arbitrary Code
2622| [1019379] Microsoft Internet Explorer HTML Layout Rendering Bug Lets Remote Users Execute Arbitrary Code
2623| [1019378] Microsoft Internet Explorer Buffer Overflow in Fox Pro ActiveX Control Lets Remote Users Execute Arbitrary Code
2624| [1019377] Microsoft Office Publisher Memory Corruption Bug Lets Remote Users Execute Arbitrary Code
2625| [1019376] Microsoft Office Publisher Invalid Memory Reference Bug Lets Remote Users Execute Arbitrary Code
2626| [1019375] Microsoft Office Object Processing Flaw Lets Remote Users Execute Arbitrary Code
2627| [1019374] Microsoft Word Memory Error Lets Remote Users Execute Arbitrary Code
2628| [1019258] Microsoft Visual Basic '.dsr' File Buffer Overflow Lets Remote Users Execute Arbitrary Code
2629| [1019200] Microsoft Excel File Header Bug Lets Remote Users Execute Arbitrary Code
2630| [1019165] Microsoft Windows LSASS Lets Local Users Gain Elevated Privileges
2631| [1019078] Microsoft Internet Explorer Object Access Bugs Let Remote Users Execute Arbitrary Code
2632| [1019077] Microsoft Message Queuing (MSMQ) Buffer Overflow Lets Remote Users Execute Arbitrary Code
2633| [1019073] Microsoft DirectX Bugs in Parsing SAMI, WAV, and AVI Files Let Remote Users Execute Arbitrary Code
2634| [1019033] Microsoft Web Proxy Auto-Discovery Name Server Resolution Bug Lets Remote Users Conduct Man-in-the-Middle Attacks
2635| [1018976] Microsoft Jet Engine Stack Overflow May Let Remote Users Execute Arbitrary Code
2636| [1018942] Microsoft Windows DNS Service Insufficent Entropy Lets Remote Users Spoof the DNS Service
2637| [1018903] Microsoft DebugView 'Dbgv.sys' Module Lets Local Users Gain Kernel Level Privileges
2638| [1018831] Microsoft Windows ShellExecute() URI Handler Bug Lets Remote Users Execute Arbitrary Commands
2639| [1018790] Microsoft Word Bug in Processing Office Files Lets Remote Users Execute Arbitrary Code
2640| [1018789] Microsoft SharePoint Input Validation Hole Permits Cross-Site Scripting Attacks
2641| [1018788] Microsoft Internet Explorer Bugs Let Remote Users Spoof the Address Bar and Execute Arbitrary Code
2642| [1018786] Microsoft Outlook Express Bug in Processing NNTP Responses Lets Remote Users Execute Arbitrary Code
2643| [1018727] Microsoft Internet Security and Acceleration Server SOCKS4 Proxy Discloses IP Address Information to Remote Users
2644| [1018677] Microsoft Agent ActiveX Control Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2645| [1018676] Microsoft Visual Basic VBP File Buffer Overflow Lets Remote Users Execute Arbitrary Code
2646| [1018568] Microsoft Vector Markup Language Buffer Overflow Lets Remote Users Execute Arbitrary Code
2647| [1018567] Microsoft Virtual PC/Server Heap Overflow Lets Local Users Gain Elevated Privileges
2648| [1018563] Microsoft GDI Buffer Overflow Lets Remote Users Execute Arbitrary Code
2649| [1018562] Microsoft Internet Explorer CSS and ActiveX Control Bugs Let Remote Users Execute Arbitrary Code
2650| [1018561] Microsoft Excel Workspace Index Validation Bug Lets Remote Users Execute Arbitrary Code
2651| [1018560] Microsoft OLE Automation Memory Corruption Bug Lets Remote Users Execute Arbitrary Code
2652| [1018559] Microsoft Core XML Services Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2653| [1018551] Microsoft DirectX Buffer Overflow in FlashPix ActiveX Control Lets Remote Users Execute Arbitrary Code
2654| [1018520] Microsoft Visual Database Tools Buffer Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code
2655| [1018420] Microsoft DirectX Heap Overflow in Processing RLE-Compressed Targa Images Lets Remote Users Execute Arbitrary Code
2656| [1018353] Microsoft Office Publisher Lets Remote Users Execute Arbitrary Code
2657| [1018352] Microsoft Excel Caculation Error and Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2658| [1018351] Microsoft Internet Explorer Bug in Firefox URL Protocol Handler Lets Remote Users Execute Arbitrary Commands
2659| [1018321] Microsoft Excel Sheet Name Buffer Overflow Lets Remote Users Execute Arbitrary Code
2660| [1018251] Microsoft Office Buffer Overflow in MSODataSourceControl ActiveX Control May Let Remote Users Execute Arbitrary Code
2661| [1018235] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
2662| [1018202] Microsoft GDI+ ICO File Divide By Zero Bug Lets Remote Users Deny Service
2663| [1018193] Microsoft Internet Explorer Lets Remote Users Spoof Certain Objects
2664| [1018192] Microsoft Internet Explorer Input Validation Hole Permits Cross-Site Scripting Attacks
2665| [1018107] Microsoft Office Buffer Overflow in OUACTRL.OCX ActiveX Control Lets Remote Users Execute Arbitrary Code
2666| [1018019] Microsoft Internet Explorer Bugs Let Remote Users Modify Files or Execute Arbitrary Code
2667| [1018017] Microsoft CAPICOM 'CAPICOM.Certificates' ActiveX Control Lets Remote Users Execute Arbitrary Code
2668| [1018016] Microsoft BizTalk Server 'CAPICOM.Certificates' ActiveX Control Lets Remote Users Execute Arbitrary Code
2669| [1018015] Microsoft Exchange Base64, iCal, IMAP, and Attachment Processing Bugs Let Remote Users Deny Service or Execute Arbitrary Code
2670| [1018014] Microsoft Office Drawing Object Validation Flaw Lets Remote Users Execute Arbitrary Code
2671| [1018013] Microsoft Word Array and RTF Processing Bugs Let Remote Users Execute Arbitrary Code
2672| [1018012] Microsoft Excel Specially Crafted BIFF Records, Set Font Values, and Filter Records Permit Remote Code Execution
2673| [1017969] Microsoft Internet Explorer Digest Authentication Bug Lets Remote Users Conduct HTTP Request Splitting Attacks
2674| [1017910] Microsoft Windows DNS Service RPC Stack Overflow Lets Remote Users Execute Arbitrary Code
2675| [1017902] Microsoft Word Lets Remote Users Cause Arbitrary Code to Be Executed
2676| [1017901] Microsoft Windows Help File Heap Overflow Lets Remote Users Execute Arbitrary Code
2677| [1017896] Microsoft Agent URL Parsing Bug Lets Remote Users Execute Arbitrary Code
2678| [1017894] Microsoft Content Management Server Permits Cross-Site Scripting Attacks and Lets Remote Users Execute Arbitrary Code
2679| [1017827] Microsoft Windows Animated Cursor Bug Lets Remote Users Execute Arbitrary Code
2680| [1017752] Adobe JRun IIS Connector Bug Lets Remote Users Deny Service
2681| [1017736] Microsoft Windows Explorer OLE Parsing Bug Lets Users Deny Service
2682| [1017694] VeriSign Secure Messaging for Microsoft Exchange Stack Overflow in ConfigChk ActiveX Control Lets Remote Users Execute Arbitrary Code
2683| [1017653] Microsoft Word Unspecified Vulnerability Lets Remote Users Execute Arbitrary Code
2684| [1017643] Microsoft Internet Explorer Multiple COM Objects Let Remote Users Execute Arbitrary Code
2685| [1017642] Microsoft Internet Explorer FTP Server Response Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2686| [1017641] Microsoft Windows RichEdit OLE Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2687| [1017640] Microsoft Office OLE Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2688| [1017639] Microsoft Word Macro Security Warning Bug and Drawing Object Memory Corrupution Error Lets Remote Users Execute Arbitrary Code
2689| [1017638] Microsoft MFC Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2690| [1017637] Microsoft OLE Dialog RTF File Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2691| [1017636] Microsoft Windows Defender Integer Overflow in Parsing PDF Files Lets Remote Users Execute Arbitrary Code
2692| [1017635] Microsoft HTML Help ActiveX Control Lets Remote Users Execute Arbitrary Code
2693| [1017632] Microsoft Step-by-Step Interactive Training Buffer Overflow in Processing Bookmark Links Lets Remote Users Execute Arbitrary Code
2694| [1017584] Microsoft Office Excel Buffer Overflow Lets Remote Users Execute Arbitrary Code
2695| [1017579] [Duplicate Entry] Microsoft Word Unspecified Vulnerability Lets Remote Users Execute Arbitrary Code
2696| [1017564] Microsoft Word Function Processing Bug Lets Remote Users Execute Arbitrary Code
2697| [1017530] Microsoft Help Workshop Buffer Overflow in Processing '.CNT' Files Lets Remote Users Execute Arbitrary Code
2698| [1017488] Microsoft Outlook '.iCal', '.oss', and SMTP Header Bugs Let Remote Users Execute Arbitrary Code or Deny Service
2699| [1017487] Microsoft Excel Buffer Overflows in Processing Various Records and Strings Lets Remote Users Execute Arbitrary Code
2700| [1017486] Microsoft Office Brazilian Portuguese Grammar Checker Lets Remote Users Execute Arbitrary Code
2701| [1017485] Microsoft Excel Memory Access Error Lets Remote Users Execute Arbitrary Code
2702| [1017441] Microsoft Windows Workstation Service Memory Allocation Error in NetrWkstaUserEnum() Lets Remote Users Deny Service
2703| [1017397] Microsoft Outlook Recipient ActiveX Control Lets Remote Users Deny Service
2704| [1017390] Microsoft Word Unchecked Count Vulnerability Lets Remote Users Execute Arbitrary Code
2705| [1017388] Microsoft Project Discloses Database Password to Remote Authenticated Users
2706| [1017374] Microsoft Internet Explorer May Disclose Contents of the Temporary Internet Files Folder to Remote Users
2707| [1017373] Microsoft Internet Explorer DHTML and Script Error Handling Bugs Let Remote Users Execute Arbitrary Code
2708| [1017369] Microsoft Outlook Express Buffer Overflow in Processing Windows Address Book Files Let Remote Users Execute Arbitrary Code
2709| [1017358] Microsoft Word Data Structure Processing Bug Lets Remote Users Cause Arbitrary Code to Be Executed
2710| [1017339] Microsoft Word String Processing Bug Lets Remote Users Execute Arbitrary Code
2711| [1017224] Microsoft Client Service for Netware Buffer Overflows Let Remote Users Execute Arbitrary Code and Crash the System
2712| [1017223] Microsoft Internet Explorer Bug in Rending HTML Layout Combinations May Let Remote Users Execute Arbitrary Code
2713| [1017222] Microsoft Agent '.ACF' File Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2714| [1017168] Microsoft Windows Kernel GDI Data Structure Processing Bug Lets Local Users Gain Elevated Privileges
2715| [1017165] Microsoft Internet Explorer 'ieframe.dll' Lets Remote Users Spoof Invalid Certificates
2716| [1017157] Microsoft XML Core Services ActiveX Control Lets Remote Users Execute Arbitrary Code
2717| [1017142] Microsoft Visual Studio WMI Object Broker ActiveX Control Lets Remote Users Execute Arbitrary Code
2718| [1017133] Microsoft NAT Helper 'ipnathlp.dll' Lets Remote Users Deny Service
2719| [1017127] Microsoft Data Access Components 'ADODB.Connection' Execute Function Lets Remote Users Execute Arbitrary Code
2720| [1017122] Microsoft Internet Explorer Lets Remote Users Partially Spoof Address Bar URLs
2721| [1017059] Microsoft PowerPoint Bug Causes PowerPoint to Crash
2722| [1017034] Microsoft Office String, Chart Record, and SmartTag Validation Errors Let Remote Users Execute Arbitrary Code
2723| [1017033] Microsoft XML Core Services Lets Remote Users Execute Arbitrary Code or Obtain Information
2724| [1017032] Microsoft Word String and Mail Merge Record Validation Flaws Let Remote Users Execute Arbitrary Code
2725| [1017031] Microsoft Excel DATETIME/COLINFO Record Errors and Lotus 1-2-3 Errors Let Remote Users Execute Arbitrary Code
2726| [1017030] Microsoft PowerPoint Errors in Parsing Object Pointers and Data Records Lets Remote Users Execute Arbitrary Code
2727| [1016941] Microsoft Windows Shell Integer Overflow Lets Remote Users Execute Arbitrary Code
2728| [1016937] Microsoft PowerPoint Memory Corruption Bug Lets Remote Users Execute Arbitrary Code
2729| [1016886] [Duplicate] Microsoft PowerPoint Bug Lets Remote Users Execute Arbitrary Code
2730| [1016879] Microsoft Internet Explorer VML Buffer Overflow Lets Remote Users Execute Arbitrary Code
2731| [1016854] Microsoft Internet Explorer Buffer Overflow in 'daxctle.ocx' ActiveX in KeyFrame Method Control Lets Remote Users Execute Arbitrary Code
2732| [1016839] Microsoft Internet Explorer URLMON.DLL Buffer Overflow Lets Remote Users Execute Arbitrary Code
2733| [1016827] Microsoft PGM Implementation Buffer Overflow in MSMQ Service Lets Remote Users Execute Arbitrary Code
2734| [1016825] Microsoft Publisher Buffer Overflow in Parsing '.pub' Files Lets Remote Users Execute Arbitrary Code
2735| [1016787] Microsoft Word Record Validation Vulnerability Lets Remote Users Execute Arbitrary Code
2736| [1016764] Microsoft Internet Explorer (IE) Buffer Overflow in 'daxctle.ocx' ActiveX Control Lets Remote Users Execute Arbitrary Code
2737| [1016731] Microsoft Internet Explorer URL Buffer Overflow in Processing HTTP 1.1 Protocol with Compression Lets Remote Users Execute Arbitrary Code
2738| [1016720] [Duplicate Entry] Microsoft PowerPoint Unknown Bug May Let Remote Users Execute Arbitrary Code
2739| [1016663] Microsoft Internet Explorer Bugs Let Remote Users Obtain Information or Execute Arbitrary Code
2740| [1016657] Microsoft Office Buffer Overflow in Processing PowerPoint Records Lets Remote Users Execute Arbitrary Code
2741| [1016656] Microsoft Visual Basic for Applications Buffer Overflow Lets Remote Users Execute Arbitrary Code
2742| [1016655] Microsoft Management Console Input Validation Hole Permits Remote Code Execution
2743| [1016654] Microsoft Outlook Express MHTML Parsing Error Lets Remote Users Execute Arbitrary Code
2744| [1016506] Microsoft Internet Security and Acceleration Server HTTP File Exentsion Filter Can Be Bypassed By Remote Users
2745| [1016504] Microsoft Works Buffer Overflow in Processing Spreadsheet Files May Let Remote Users Execute Arbitrary Code
2746| [1016496] Microsoft PowerPoint 'mso.dll' Buffer Overflow May Let Remote Users Execute Arbitrary Code
2747| [1016472] Microsoft Excel Errors in Processing Various Malformed Records Let Remote Users Execute Arbitrary Code
2748| [1016470] Microsoft Office PNG and GIF File Buffer Error Lets Remote Users Execute Arbitrary Code
2749| [1016469] Microsoft Office String Parsing and Property Bugs Let Remote Users Execute Arbitrary Code
2750| [1016468] Microsoft DHCP Client Buffer Overflow Lets Remote Users Execute Arbitrary Code
2751| [1016453] Microsoft Office LsCreateLine() Function May Let Remote Users Execute Arbitrary Code
2752| [1016434] Microsoft HTML Help Heap Overflow in HHCtrl ActiveX Control May Let Remote Users Execute Arbitrary Code
2753| [1016430] Microsoft Excel STYLE Record Bug May Let Remote Users Execute Arbitrary Code
2754| [1016388] Microsoft Windows Explorer Lets Remote Users Access Information in Other Domains and Execute HTA Applications
2755| [1016344] Microsoft Excel 'Shockwave Flash Object' Lets Remote Users Execute Code Automatically
2756| [1016339] Microsoft Windows 'hlink.dll' Buffer Overflow in Processing Hyperlinks Lets Remote Users Execute Arbitrary Code
2757| [1016316] Microsoft Excel Memory Validation Flaw May Let Remote Users Cause Arbitrary Code to Be Executed
2758| [1016292] Microsoft Windows Buffer Overflow in AOL ART Image Rendering Library Lets Remote Users Execute Arbitrary Code
2759| [1016291] Microsoft Internet Explorer Multiple Memory and Access Control Errors Let Remote Users Execute Arbitrary Code
2760| [1016290] Microsoft Windows Buffer Overflow in TCP/IP Stack Lets Remote Users Execute Arbitrary Code
2761| [1016289] Microsoft RPC Mutual Authentication Bug Lets Remote Users Spoof Other Systems
2762| [1016287] Microsoft PowerPoint Buffer Overflow in Processing Malformed Records Lets Remote Users Execute Arbitrary Code
2763| [1016286] Microsoft Windows 98 Graphics Rendering Engine Buffer Overflow in Processing WMF Images Lets Remote Users Execute Arbitrary Code
2764| [1016283] Microsoft JScript Memory Corruption Bug Lets Remote Users Execute Arbitrary Code
2765| [1016280] Microsoft Outlook Web Access Input Validation Hole Permits Cross-Site Scripting Attacks
2766| [1016196] F-Secure Anti-Virus for Microsoft Exchange Buffer Overflow in Web Console May Let Remote Users Execute Arbitrary Code
2767| [1016130] Microsoft Word Lets Remote Users Cause Arbitrary Code to Be Executed
2768| [1016048] Microsoft Exchange Error in Processing iCAL/vCAL Properties Lets Remote Users Execute Arbitrary Code
2769| [1016047] Microsoft Distributed Transaction Coordinator Bugs Let Remote Users Deny Service
2770| [1016005] Microsoft Outlook Express 'mhtml:' Redirect URL Processing Lets Remote Users Bypass Security Domains
2771| [1016001] Microsoft Internet Explorer Bug in Processing Nested OBJECT Tags Lets Remote Users Execute Arbitrary Code
2772| [1015900] Microsoft Internet Explorer Parsing and State Errors Let Remote Users Execute Arbitrary Code
2773| [1015899] Microsoft Internet Explorer Lets Remote Users Spoof the Address Bar URL
2774| [1015898] Microsoft Outlook Express Buffer Overflow in Processing Windows Address Books Lets Remote Users Execute Arbitrary Code
2775| [1015897] Microsoft Windows Explorer COM Object Bug Lets Remote Users Execute Arbitrary Code
2776| [1015896] Microsoft FrontPage Server Extensions Input Validation Holes Permit Cross-Site Scripting Attacks
2777| [1015895] Microsoft SharePoint Team Services Input Validation Holes Permit Cross-Site Scripting Attacks
2778| [1015894] Microsoft Data Access Components RDS.Dataspace Access Control Bug Lets Remote Users Execute Arbitrary Code
2779| [1015892] Microsoft Internet Explorer Popup Window Object Bugs Let Remote Users Execute Scripting Code in Arbitrary Domains
2780| [1015855] Microsoft Office Array Index Boundary Error Lets Remote Users Execute Arbitrary Code
2781| [1015825] Microsoft ASP.NET Incorrect COM Component Reference Lets Remote Users Deny Service
2782| [1015812] Microsoft Internet Explorer createTextRange() Memory Error Lets Remote Users Execute Arbitrary Code
2783| [1015800] (Vendor Issues Fix) Microsoft Internet Explorer (IE) Lets Remote Users Cause HTA Files to Be Executed
2784| [1015794] (Vendor Issues Fix) Microsoft Internet Explorer 'mshtml.dll' Bug in Processing Multiple Action Handlers Lets Remote Users Deny Service
2785| [1015766] Microsoft Office and Excel Buffer Overflows Let Remote Users Execute Arbitrary Code
2786| [1015765] Microsoft Windows Services Have Unsafe Default ACLs That Let Remote Authenticated Users Gain Elevated Privileges
2787| [1015720] Microsoft Internet Explorer Modal Security Dialog Race Condition May Let Remote Users Install Code or Obtain Information
2788| [1015632] Microsoft PowerPoint May Let Users Access Contents of the Temporary Internet Files Folder
2789| [1015631] Microsoft Office Korean Input Method Editor Lets Local Users Gain Elevated Privileges
2790| [1015630] Microsoft Windows Web Client Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
2791| [1015629] Microsoft Windows IGMP Processing Bug Lets Remote Users Deny Service
2792| [1015595] Microsoft Windows UPnP/NetBT/SCardSvr/SSDP Services May Be Incorrectly Configured By 3rd Party Applications, Allowing Local Users to Gain Elevated Privileges
2793| [1015585] Microsoft HTML Help Workshop Buffer Overflow in Processing .hhp Files Lets Remote User Execute Arbitrary Code
2794| [1015559] Microsoft Internet Explorer Shockwave Flash Scripting Bug Lets Remote Users Deny Service
2795| [1015489] Microsoft Wireless Network Connection Software May Broadcast Ad-Hoc SSID Information in Certain Cases
2796| [1015461] Microsoft Outlook Buffer Overflow in Processing TNEF Messages Lets Remote Users Execute Arbitrary Code
2797| [1015460] Microsoft Exchange Buffer Overflow in Processing TNEF Messages Lets Remote Users Execute Arbitrary Code
2798| [1015459] Microsoft Windows Embedded Web Fonts Buffer Overflow Lets Remote Users Execute Arbitrary Code
2799| [1015453] Microsoft Windows Graphics Rendering Engine WMF File Memory Access Error Lets Remote Users Execute Arbitrary Code
2800| [1015416] Microsoft Windows Unspecified WMF Rendering Bug Lets Remote Users Execute Arbitrary Code
2801| [1015350] Microsoft Internet Explorer Bug in Using HTTPS Proxies May Disclose Web URLs to Remote Users
2802| [1015349] Microsoft Windows Internet Explorer May Let Remote Users Obfuscate the Download Dialog Box
2803| [1015348] Microsoft Internet Explorer Bug in Instantiating COM Objects May Let Remote Users Execute Arbitrary Code
2804| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
2805| [1015333] Microsoft Excel Unspecified Stack Overflow May Let Remote Users Cause Arbitrary Code to Be Executed
2806| [1015251] Microsoft Internet Explorer Bug in Processing Mismatched Document Object Model Objects May Let Remote Users Execute Arbitrary Code
2807| [1015233] Microsoft Windows RPC Service May Let Remote Users Deny Service
2808| [1015226] Microsoft AntiSpyware Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code
2809| [1015168] Microsoft Windows Buffer Overflows in Graphics Rendering Engine Lets Remote Users Execute Arbitrary Code
2810| [1015143] F-Secure Anti-Virus for Microsoft Exchange Web Console May Disclose Files to Remote Users
2811| [1015101] Microsoft Internet Explorer J2SE Runtime Environment Bug Lets Remote Users Crash the Target User's Browser
2812| [1015044] Microsoft Windows Multiple COM Objects Let Remote Users Execute Arbitrary Code
2813| [1015043] Microsoft Network Connection Manager Lets Remote Users Deny Service
2814| [1015042] Microsoft Windows Plug and Play Buffer Overflow Lets Remote Users Execute Arbitrary Code
2815| [1015041] Microsoft Client Service for NetWare Buffer Overflow Lets Remote Users Execute Arbitrary Code
2816| [1015040] Microsoft Windows Shell Bugs in Processing '.lnk' Files and in Web View Preview Mode Lets Remote Users Execute Arbitrary Code
2817| [1015039] Microsoft Windows Buffer Overflow in Collaboration Data Objects Lets Remote Users Execute Arbitrary Code
2818| [1015038] Microsoft Exchange Buffer Overflow in Collaboration Data Objects Lets Remote Users Execute Arbitrary Code
2819| [1015037] Microsoft Windows Buffer Overflows in MSDTC and COM+ Let Remote Users Execute Arbitrary Code and Local User Gain Elevated Privileges
2820| [1015036] Microsoft Windows FTP Client Input Validation Hole Lets Remote Servers Create/Overwrite Files on the Target User's System
2821| [1015034] Microsoft DirectX DirectShow Buffer Overflow Lets Remote Users Execute Arbitrary Code
2822| [1014829] Microsoft Windows Firewall User Interface May Not Properly Display Exception Rules
2823| [1014809] Microsoft Internet Explorer Unspecified Bug May Permit Remote Code Execution
2824| [1014727] Microsoft 'msdds.dll' COM Object Lets Remote Users Execute Arbitrary Code
2825| [1014643] Microsoft Internet Explorer COM Object Instantiation Bug May Let Remote Users Execute Arbitrary Code
2826| [1014642] Microsoft Windows Kerberos and PKINIT Vulnerabilities Allow Denial of Service, Information Disclosure, and Spoofing
2827| [1014641] Microsoft Internet Explorer Web Folder URL Validation Bug Lets Remote Users Execute Scripting Code in an Arbitrary Security Domain
2828| [1014640] Microsoft Windows Plug and Play Stack Overflow Lets Remote Users Execute Arbitrary Code
2829| [1014639] Microsoft Windows Telephony Service Remote Code Execution or Local Privilege Escalation
2830| [1014638] Microsoft Windows Print Spooler Service Buffer Overflow Lets Remote Users Execute Arbitrary Code
2831| [1014501] Hosting Controller 'IISActions.asp' Script Lets Remote Authenticated Users Add Domains/Subdomains
2832| [1014500] Microsoft Internet Explorer (IE) JPEG Rendering Bugs Let Remote Users Deny Service or Execute Arbitrary Code
2833| [1014498] Microsoft Windows Remote Desktop Protocol Bug Lets Remote Users Deny Service
2834| [1014458] Microsoft Office Buffer Overflow in Parsing Fonts Lets Remote Users Cause Arbitrary Code to Be Executed
2835| [1014457] Microsoft Microsoft Color Management Module Lets Remote Users Execute Arbitrary Code
2836| [1014417] Microsoft Windows Named Pipe NULL Session Bugs in svcctl and eventlog RPC Interfaces Disclose Information to Remote Users
2837| [1014364] Microsoft Internet Information Server May Allow Remote Users to Conduct HTTP Response Smuggling Attacks
2838| [1014356] Microsoft ISA Server May Accept HTTP Authentication Even When SSL Is Required
2839| [1014352] Microsoft Front Page May Crash When Editing a Specially Crafted Web Page
2840| [1014329] Microsoft Internet Explorer 'javaprxy.dll' COM Object Exception Handling Lets Remote Users Execute Arbitrary Code
2841| [1014261] Microsoft Internet Explorer Lets Remote Users Spoof Javascript Dialog Boxes
2842| [1014201] Microsoft Internet Explorer Buffer Overflow in Rendering PNG Images Lets Remote Users Execute Arbitrary Code
2843| [1014200] Microsoft Outlook Express Buffer Overflow in NNTP Response Parser Lets Remote Users Execute Arbitrary Code
2844| [1014199] Microsoft Outlook Web Access Input Validation Hole in IMG Tags Permits Cross-Site Scripting Attacks
2845| [1014198] Microsoft Windows Buffer Overflow in Processing Server Message Block Packets Lets Remote Users Execute Arbitrary Code
2846| [1014197] Microsoft Agent Lets Remote Users Spoof Security Dialog Box Contents
2847| [1014196] Microsoft Windows Buffer Overflow in Web Client Service Lets Remote Authenticated Users Execute Arbitrary Code
2848| [1014195] Microsoft HTML Help Input Validation Flaw Lets Remote Users Execute Arbitrary Code
2849| [1014194] Microsoft Step-by-Step Interactive Training Bookmark Link File Validation Flaw Lets Remote Users Execute Arbitrary Code
2850| [1014193] Microsoft Internet Security and Acceleration Server Bugs Let Remote Users Poison the Cache and Establish NetBIOS Connections
2851| [1014174] Microsoft Internet Explorer Lets Remote Users Obfuscate Scripting Code
2852| [1014113] Microsoft ISA Server in SecureNAT Configuration Can Be Crashed By Remote Users
2853| [1014050] Computer Associates eTrust Antivirus Integer Overflow in Processing Microsoft OLE Data Lets Remote Users Execute Arbitrary Code
2854| [1013996] Microsoft ASP.NET May Disclose System Information to Remote Users in Certain Cases
2855| [1013761] Microsoft Windows Explorer 'webvw.dll' Input Validation Error Lets Remote Users Execute Arbitrary Scripting Code
2856| [1013724] RSA Authentication Agent for Web for IIS Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks
2857| [1013692] Microsoft Internet Explorer Buffer Overflows in DHTML, URL Parsing, and Content Advisor Let Remote Users Execute Arbitrary Code
2858| [1013691] Microsoft Message Queuing Buffer Overflow Lets Remote Users Execute Arbitrary Code
2859| [1013689] Microsoft Windows Shell MSHTA Lets Remote Users Code Execute Arbitrary Scripting Code
2860| [1013688] Microsoft Windows Kernel and Font Buffer Overflows Let Local Users Deny Service or Obtain System Privileges
2861| [1013687] Microsoft Exchange Heap Overlow in Processing Extended SMTP Verb Lets Remote Users Execute Arbitrary Code
2862| [1013686] Microsoft Windows TCP, IP, and ICMP Processing Errors Let Remote Users Deny Service and Execute Arbitrary Code
2863| [1013684] Microsoft Word Unspecified Buffer Overflow in Processing Documents Lets Remote Users Execute Arbitrary Code
2864| [1013669] Microsoft Outlook Web Access 'From' Address Display Lets Remote Users Spoof Origination Addresses
2865| [1013668] Microsoft Outlook 'From' Address Display Lets Remote Users Spoof Origination Addresses
2866| [1013618] Microsoft Jet Database Buffer Overflow in 'msjet40.dll' Lets Remote Users Execute Arbitrary Code
2867| [1013583] Microsoft Outlook Connector for IBM Lotus Domino Lets Users Bypass Password Storage Policy
2868| [1013552] Microsoft Windows Remote Desktop 'TSShutdn.exe' Lets Remote Authenticated Users Shutdown the System
2869| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
2870| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
2871| [1013205] Microsoft Internet Explorer Can Be Crashed With URL Containing Special URL Characters
2872| [1013126] Microsoft Internet Explorer CDF Scripting Error Lets Remote Users Execute Scripting Code in Arbitrary Domains
2873| [1013125] Microsoft Internet Explorer DHTML Method Heap Overflow Lets Remote Users Execute Arbitrary Code
2874| [1013124] Microsoft Internet Explorer URL Encoding Error Lets Remote Users Spoof Arbitrary URLs and Execute Scripting Code in Arbitrary Security Zone
2875| [1013120] Microsoft Windows OLE Buffer Overflow Lets Remote Users Execute Arbitrary Code and COM Access Flaw Lets Remote Authenticated Users Gain Elevated Privileges
2876| [1013119] Microsoft Windows Hyperlink Object Library Lets Remote Users Execute Arbitrary Code
2877| [1013117] Microsoft Windows License Logging Service Lets Remote Users Execute Arbitrary Code
2878| [1013115] Microsoft Windows Media Player Buffer Overflow in Processing PNG Files Lets Remote Users Execute Arbitrary Code
2879| [1013114] Microsoft Windows SMB Lets Remote Users Execute Arbitrary Code
2880| [1013112] Microsoft Windows XP Named Pipe Validation Error Lets Remote Users Obtain Information
2881| [1013111] Microsoft SharePoint Services Redirection Query Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
2882| [1013110] Microsoft Office XP Buffer Overflow in Processing URLs Lets Remote Users Execute Arbitrary Code
2883| [1013086] Microsoft Outlook Web Access 'owalogon.asp' Lets Remote Users Redirect Login Requests
2884| [1012891] Microsoft IE Windows XP SP2 File Download Security Can Be Bypassed With Dynamic IFRAME Tag
2885| [1012836] Microsoft HTML Help Active Control Cross-Domain Error Lets Remote Users Execute Arbitrary Commands
2886| [1012835] Microsoft Cursor and Icon Validation Error Lets Remote Users Execute Arbitrary Code
2887| [1012684] Microsoft Windows LoadImage API Buffer Overflow Lets Remote Users Execute Arbitrary Code
2888| [1012683] Microsoft Windows ANI File Parsing Errors Let Remote Users Deny Service
2889| [1012682] Microsoft Windows Help System Buffer Overflows in Processing Phrase Compressed Help Files Lets Remote Users Execute Arbitrary Code
2890| [1012626] Microsoft Windows Media Player setItemInfo Lets Remote Users Execute Arbitrary Code
2891| [1012584] Microsoft IE dhtmled.ocx Lets Remote Users Execute Cross-Domain Scripting Attacks
2892| [1012518] Microsoft HyperTerminal Buffer Overflow Lets Remote Users Execute Arbitrary Code
2893| [1012517] Microsoft WINS Buffer Overflow in Name Value Lets Remote Users Execute Arbitrary Code
2894| [1012515] Microsoft Windows NT 4.0 Buffer Overflows in the Logging and Processing of DHCP Packets May Let Remote Users Execute Arbitrary Code
2895| [1012514] Microsoft WordPad Error in Converting Tables/Fonts Lets Remote Users Execute Arbitrary Code
2896| [1012513] Microsoft Windows Kernel Buffer Overflow in Processing Local Procedure Call Messages Lets Local Users Gain System Privileges
2897| [1012512] Microsoft LSASS Bug in Validating Identity Tokens Lets Local Users Gain Elevated Privileges
2898| [1012458] Microsoft Internet Explorer Lets Remote Users Inject Content into Open Windows
2899| [1012444] Microsoft Internet Explorer Input Validation Error in Processing FTP URLs May Let Remote Users Inject Arbitrary FTP Commands
2900| [1012435] Microsoft Windows Resource Kit Buffer Overflow and Input Validation Holes in 'w3who.dll' May Permit Remote Code Execution and Cross-Site Scripting Attacks
2901| [1012341] Microsoft WINS Memory Overwrite Lets Remote Users Execute Arbitary Code
2902| [1012288] Microsoft IE Custom 404 Error Message and execCommand SaveAs Lets Remote Users Bypass XP SP2 Download Warning Mechanisms
2903| [1012234] Microsoft Internet Explorer on XP SP2 Has Unspecified Flaws That Let Remote Users Bypass File Download Restrictions
2904| [1012155] Microsoft Internet Security and Acceleration Server Reverse DNS Caching Bug Lets Remote Users Spoof Web Sites
2905| [1012154] Microsoft Proxy Server Reverse DNS Caching Bug Lets Remote Users Spoof Web Sites
2906| [1012138] Microsoft IE Discloses Whether Specified Files Exist to Remote Users
2907| [1012057] F-Secure Anti-Virus for Microsoft Exchange Lets Remote Users Bypass Anti-Virus Detection With a ZIP Archive
2908| [1012049] (Exploit Code Has Been Released) Microsoft Internet Explorer Buffer Overflow in IFRAME/EMBED Tag Processing Lets Remote Users Execute Arbitrary Code
2909| [1011987] Microsoft Internet Explorer Lets Remote Users Spoof the Status Bar Address with a Table Within a Link
2910| [1011940] Microsoft Remote Desktop on Windows XP Lets Remote Authenticated Users Restart the System
2911| [1011895] Microsoft IE for Mac Multi-Window Browsing Errors Let Remote Users Spoof Sites
2912| [1011890] Microsoft Outlook May Display Images in Plaintext Only Mode
2913| [1011880] Microsoft Windows XP Error in Explorer in Processing WAV Files Lets Remote Users Deny Service
2914| [1011859] Microsoft Internet Explorer on Windows XP Fails to Restrict Drag and Drop Operations When Configured to Disable These Operations
2915| [1011851] Microsoft IE AnchorClick Behavior and HTML Help Let Remote Users Execute Arbitrary Code
2916| [1011735] Microsoft Internet Explorer May Display the Incorrect URL When Loading a Javascript Homepage
2917| [1011706] Microsoft Operating System 'asycpict.dll' Lets Remote Users Crash the System
2918| [1011678] Microsoft IE MSN 'heartbeat.ocx' Component Has Unspecified Flaw
2919| [1011647] Microsoft Windows Shell Buffer Overflows Let Remote Users Execute Arbitrary Code
2920| [1011646] Microsoft Program Group Converter Buffer Overflow Lets Remote Users Execute Arbitrary Code
2921| [1011645] Microsoft Various Operating System Flaws Lets Remote Users Execute Code and Local Users Gain Elevated Privileges or Deny Service
2922| [1011644] Microsoft IE Plug-in Navigation Flaw Lets Remote Users Spoof URLs in the Addresses Bar
2923| [1011643] Microsoft IE Double Byte Parsing Flaw Lets Remote Users Spoof URLs in the Addresses Bar
2924| [1011642] Microsoft IE SSL Caching Flaw Lets Remote Users Run Scripting Code in the Context of Arbitrary Secure Sites
2925| [1011640] Microsoft IE Buffer Overflow in Install Engine Lets Remote Users Execute Arbitrary Code
2926| [1011639] Microsoft IE Buffer Overflow in Processing Cascading Style Sheets Lets Remote Users Execute Arbitrary Code
2927| [1011637] Microsoft Windows Buffer Overflow in Processing Compressed Folders Lets Remote Users Execute Arbitrary Code
2928| [1011636] Microsoft SMTP Service Buffer Overflow in Processing DNS Responses May Let Remote Users Execute Arbitrary Code
2929| [1011635] Microsoft Excel Unspecified Flaw Lets Remote Users Execute Arbitrary Code
2930| [1011634] Microsoft NetDDE Buffer Overflow Lets Remote Users Execute Arbitrary Code With System Privileges
2931| [1011632] Microsoft NT RPC Runtime Library Buffer Overflow Lets Remote Users Deny Service
2932| [1011631] Microsoft NNTP Buffer Overflow Lets Remote Users Execute Arbitrary Code With SYSTEM Privileges
2933| [1011626] Microsoft Cabarc Directory Traversal Flaw Lets Remote Users Create/Overwrite Files on the Target System
2934| [1011565] Microsoft Word Parsing Flaw May Let Remote Users Execute Arbitrary Code
2935| [1011563] Microsoft Internet Explorer Lets Remote Users Access XML Documents
2936| [1011559] Microsoft .NET Forms Authentication Can Be Bypassed By Remote Users
2937| [1011434] Microsoft SQL Server Can Be Crashed By Remote Users Sending a Specially Crafted Large Buffer
2938| [1011332] Microsoft Internet Explorer Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks
2939| [1011253] Microsoft GDI+ Buffer Overflow in Processing JPEG Images Lets Remote Users Execute Arbitrary Code
2940| [1011252] Microsoft Works Suite Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code
2941| [1011251] Microsoft Publisher Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code
2942| [1011250] Microsoft FrontPage Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code
2943| [1011249] Microsoft Office Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code
2944| [1011200] F-Secure Anti-Virus for Microsoft Exchange Input Validation Bug in Content Scanner Server Lets Remote Users Deny Service
2945| [1011141] HP Systems Insight Manager May Not Let Users Login After Applying a Microsoft Security Patch
2946| [1011067] Microsoft Outlook Express May Disclose 'bcc:' Recipient Addresses
2947| [1011043] Microsoft Internet Explorer Local File IFRAME Error Response Lets Remote Users Determine if Files or Directories Exist
2948| [1010996] Microsoft Windows XP SP2 Local Computer Scripting Restrictions Can Be Bypassed With a Specially Crafted MHT File
2949| [1010992] Microsoft Internet Security and Acceleration Server Does Not Block FTP Bounce Attacks
2950| [1010959] Microsoft Windows Explorer (in XP SP2) May Fail to Warn Users When Executing Untrusted Files
2951| [1010957] Microsoft Internet Explorer Unregistered Protocol State Error Lets Remote Users Spoof Location Bar
2952| [1010916] Microsoft Outlook Web Access Input Validation Hole in Redirection Query Permits Cross-Site Scripting Attacks
2953| [1010827] Microsoft Internet Explorer Error in 'mshtml.dll' in Processing GIF Files Lets Remote Users Crash the Browser
2954| [1010713] Microsoft Systems Management Server (SMS) Client Can Be Crashed By Remote Users
2955| [1010694] Microsoft IE Lets Remote Users Spoof Filenames Using CLSIDs
2956| [1010693] Microsoft Internet Explorer 'shell:' Protocol Lets Remote Users Execute Arbitrary Scripting Code in the Local Zone
2957| [1010690] Microsoft HTML Help Input Validation Error Lets Remote Users Execute Arbitrary Code
2958| [1010688] Microsoft Windows Task Scheduler Buffer Overflow Lets Remote Users Execute Arbitrary Code
2959| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
2960| [1010686] Microsoft Utility Manager Permits Local Applications to Run With Elevated Privileges
2961| [1010683] Microsoft Internet Explorer Same Name Javascript Bug Lets Remote Users Execute Arbitrary Javascript in the Domain of an Arbitrary Site
2962| [1010679] Microsoft Internet Explorer Access Control Flaw in popup.show() Lets Remote Users Execute Mouse-Click Actions
2963| [1010673] Microsoft Internet Explorer Can Be Crashed By Remote Users With Large Text Files
2964| [1010550] Microsoft MN-500 Wireless Base Station Lets Remote Users Deny Administrative Access
2965| [1010491] Microsoft Internet Explorer Crashes When Saving Files With Special Character Strings
2966| [1010482] Microsoft Internet Explorer '%2F' URL Parsing Error Lets Remote Users Spoof Sites in the Trusted Zone
2967| [1010479] (US-CERT Issues Advisory) Microsoft Internet Explorer Cross-Domain Redirect Hole Lets Remote Users Execute Arbitrary Code
2968| [1010427] Microsoft DirectX DirectPlay Input Validation Error Lets Remote Users Crash the Application
2969| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
2970| [1010314] Microsoft Windows IPSec Filtering Can Be Bypassed By Remote Users
2971| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
2972| [1010175] Microsoft Visual Basic Buffer Overflow May Let Local Users Gain Elevated Privileges
2973| [1010166] Microsoft Outlook Express Mail Troubleshooting Function May Disclose SMTP Password to Local Users
2974| [1010165] Microsoft Internet Explorer Image Map URL Display Error Lets Remote Users Spoof URLs
2975| [1010157] Microsoft Internet Explorer showHelp Path Search Lets Remote Users Load Existing Local CHM Files
2976| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
2977| [1010119] Microsoft Help and Support Center HCP URL Validation Error May Let Remote Users Execute Arbitrary Code If User Interactions Occur
2978| [1010092] Microsoft Internet Explorer 'file://' URL Processing Flaw Lets Remote Users Damage the Registry
2979| [1010009] Microsoft Internet Explorer SSL Icon Error May Let Remote Users Impersonate Secure Web Sites
2980| [1009940] Microsoft Windows Explorer Buffer Overflow in Processing SMB Share Names Lets Remote Users Execute Arbitrary Code
2981| [1009939] Microsoft Internet Explorer Buffer Overflow in Processing SMB Share Names Lets Remote Users Execute Arbitrary Code
2982| [1009778] Microsoft H.323 Buffer Overflow Lets Remote Users Execute Arbitrary Code
2983| [1009777] Microsoft SSL Library Input Validation Error Lets Remote Users Crash the Service
2984| [1009776] Microsoft Windows Kernel Local Descriptor Table Flaw Lets Local Users Gain Elevated Privileges
2985| [1009771] Microsoft Windows Negotiate Security Software Provider (SSP) Buffer Overflow Lets Remote and Local Users Execute Arbitrary Code
2986| [1009770] Microsoft Windows Management Interface Provider Lets Local Users Gain Elevated Privileges
2987| [1009769] Microsoft Utility Manager Lets Local Users Run Applications With Elevated Privileges
2988| [1009768] Microsoft Winlogon Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code
2989| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
2990| [1009762] Microsoft Windows COM Internet Services and RPC over HTTP Can Be Crashed By Remote Users
2991| [1009761] Microsoft Windows COM Object Identifier Creation Flaw May Let Remote Users Cause Applications to Open Network Ports
2992| [1009760] Microsoft Virtual DOS Machine (VDM) Lets Local Users Gain Elevated Privileges
2993| [1009758] Microsoft Windows RCP Memory Leak Lets Remote Users Deny Service
2994| [1009757] Microsoft Jet Database Engine 'msjet40.dll' Buffer Overflow Lets Remote Users Execute Arbitrary Code
2995| [1009754] Microsoft ASN.1 Library (msasn1.dll) Double-Free Memory Allocation Error May Let Remote Users Execute Arbitrary Code
2996| [1009753] Microsoft SSL Library PCT Buffer Overflow Lets Remote Users Execute Arbitrary Code
2997| [1009752] Microsoft Help and Support Center Input Validation Flaw Lets Remote Users Execute Arbitrary Code in the My Computer Zone
2998| [1009751] Microsoft LSASS Service Buffer Overflow Lets Remote Users Execute Arbitrary Code With SYSTEM Privileges
2999| [1009746] Microsoft Internet Explorer Bitmap Memory Allocation Error Lets Remote Users Cause All Available Memory to Be Consumed
3000| [1009743] Microsoft Outlook Express Can Be Crashed By Remote Users With Specially Crafted EML File
3001| [1009739] Microsoft Internet Explorer Javascript OLE Object Lets Remote Users Automatically Print Without Authorization
3002| [1009690] Microsoft Internet Explorer Security Domain Flaw in Accessing CHM Files Lets Remote Users Execute Arbitrary Code
3003| [1009673] Microsoft Windows XP 'mswebdvd.dll' Buffer Overflow Lets Remote Users Deny Service
3004| [1009666] Microsoft SharePoint Portal Server Input Validation Holes Permit Cross-Site Scripting Attacks
3005| [1009604] Microsoft Internet Explorer Does Not Correctly Display Links With Embedded FORM Data
3006| [1009603] Microsoft Outlook Express Does Not Correctly Display Links With Embedded FORM Data
3007| [1009546] Microsoft Operating Systems Have Unspecified Flaw That Yields Kernel Level Access to Local Users
3008| [1009361] Microsoft Internet Explorer Cookie Path Restrictions Can Be Bypassed By Remote Servers
3009| [1009360] Microsoft MSN Messenger May Disclose Known Files to Remote Users
3010| [1009359] Microsoft Windows Media Services Can Be Crashed By Remote Users
3011| [1009358] Microsoft Office XP 'mailto' URL Parsing Bug Lets Remote Users Execute Arbitrary Code in the Local Computer Domain
3012| [1009357] Microsoft Outlook 'mailto' URL Parsing Bug Lets Remote Users Execute Arbitrary Code in the Local Computer Domain
3013| [1009243] Microsoft Internet Explorer (IE) May Leak Keystrokes Across Frames
3014| [1009181] Microsoft Windows Explorer Heap Overflow in Processing '.emf' Files Permits Code Execution
3015| [1009067] Microsoft Internet Explorer Integer Overflow in Processing Bitmap Files Lets Remote Users Execute Arbitrary Code
3016| [1009009] Microsoft Virtual PC for Mac Temporary File Flaw Lets Local Users Gain Root Privileges
3017| [1009008] Microsoft Windows Internet Naming Service (WINS) Length Validation Flaw Lets Remote Users Deny Service
3018| [1009007] Microsoft ASN.1 Library Heap Overflows Let Remote Users Execute Arbitrary Code With SYSTEM Privileges
3019| [1008901] Microsoft Internet Explorer Travel Log Input Validation Flaw Lets Remote Users Run Arbitrary Scripting Code in the Local Computer Domain
3020| [1008699] Microsoft Windows Buffer Overflow in MDAC Lets Remote Users Execute Arbitrary Code
3021| [1008698] Microsoft Internet Security and Acceleration Server H.323 Buffer Overflow Lets Remote Users Execute Arbitrary Code
3022| [1008586] Microsoft Office Security Features Can Be Bypassed
3023| [1008583] Microsoft Internet Explorer Flaw in Processing '.lnk' Shortcuts Lets Remote Users Execute Arbitrary Code
3024| [1008578] Microsoft Internet Explorer showHelp() '\..\' Directory Traversal Flaw Lets Remote Users Execute Files on the Target System
3025| [1008558] Microsoft Internet Explorer Trusted Domain Default Settings Facilitate Silent Installation of Executables
3026| [1008554] Microsoft IE for Mac May Disclose Sensitive Information in Secure URLs to Remote Sites via HTTP Referer Field
3027| [1008510] Openwares.org 'Microsoft IE Security Patch' URL Buffer Overflow Lets Remote Users Execute Arbitrary Code
3028| [1008428] Microsoft ASP.NET Web Services XML Parsing Lets Remote Users Consume CPU Resources With SOAP Requests
3029| [1008425] Microsoft IE Does Not Properly Display Some URLs
3030| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
3031| [1008293] Microsoft Internet Explorer Invalid ContentType May Disclose Cache Directory Location to Remote Users
3032| [1008292] Microsoft Internet Explorer MHT Redirect Flaws Let Remote Users Execute Arbitrary Code
3033| [1008245] Microsoft SharePoint May Let Remote Users Access Protected Pages Without Authenticating
3034| [1008151] Microsoft Works Macro Name Length Buffer Overflow Lets Remote Users Execute Arbitrary Code
3035| [1008150] Microsoft Word Macro Name Length Buffer Overflow Lets Remote Users Execute Arbitrary Code
3036| [1008149] Microsoft Excel Macro Security Flaw Lets Remote Users Execute Arbitrary Macro Codes
3037| [1008148] Microsoft SharePoint Team Services Buffer Overflow May Let Remote Users Execute Arbitrary Code
3038| [1008147] Microsoft FrontPage Server Extensions Buffer Overflow May Let Remote Users Execute Arbitrary Code
3039| [1008146] Microsoft Windows Workstation Service (wkssvc.dll) Buffer Overflow Lets Remote Users Execute Arbitrary Code with System Privileges
3040| [1008053] Microsoft Internet Explorer IFRAME Refresh Lets Remote HTML Access Local Files
3041| [1008000] Microsoft Internet Explorer Lets Remote Users Execute Arbitrary Files in the Local Zone Using a Specially Crafted IFRAME/Location Header
3042| [1007937] Microsoft Exchange Server Buffer Overflow in Processing Extended Verb Requests May Let Remote Users Execute Arbitrary Code
3043| [1007936] Microsoft Outlook Web Access Input Validation Flaw in 'Compose New Message' Permits Remote Cross-Site Scripting Attacks
3044| [1007935] Microsoft ListBox and ComboBox 'user32.dll' Buffer Overflow May Allow Local Users to Gain Elevated Privileges
3045| [1007934] Microsoft Help and Support Center HCP Buffer Overflow Lets Remote and Local Users Execute Arbitrary Code With Local Computer Privileges
3046| [1007933] Microsoft Windows Messenger Service Buffer Overflow Lets Remote Users Execute Arbitrary Code With Local System Privileges
3047| [1007932] Microsoft Windows Troubleshooter ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code
3048| [1007931] Microsoft Authenticode Low Memory Flaw May Let Remote Users Execute Arbitrary Code
3049| [1007922] Microsoft Windows RPC Multi-threaded Race Condition Lets Remote Users Crash the Service or Execute Arbitrary Code
3050| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
3051| [1007874] Microsoft Windows OS PostThreadMessage() API Permits Local Users to Terminate Processes That Have Message Queues
3052| [1007750] Microsoft BizTalk Server Default Directory Permissions May Let Remote Users Deny Service
3053| [1007689] Microsoft Internet Explorer Media Sidebar Flaw Lets Remote Users Execute Arbitrary Code on the System
3054| [1007687] Microsoft Internet Explorer Various Cross-Domain Flaws Permit Remote Scripting in Arbitrary Domains
3055| [1007670] Microsoft Windows Remote Procedure Call (RPC) DCOM Activation Buffer Overflows Let Remote Users Execute Arbitrary Code
3056| [1007651] RealSecure Server Sensor Unicode Flaw Lets Remote Users Crash the IIS Web Service
3057| [1007618] Microsoft Visual Basic for Applications (VBA) in Multiple Microsoft Products Permits Remote Code Execution
3058| [1007617] Microsoft Converter for WordPerfect Has Buffer Overflow That Lets Remote Users Execute Arbitrary Code
3059| [1007616] Microsoft Word Document Validation Error Lets Macros Run Without Warning
3060| [1007615] Microsoft Windows NetBIOS Name Service May Disclose Memory Contents to Remote Users
3061| [1007614] Microsoft Access Snapshot Viewer ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code
3062| [1007599] Microsoft Outlook May Fail to Delete Outlook Data From the PST File
3063| [1007538] Microsoft Internet Explorer Buffer Overflow in CR549.DLL ActiveX Control Permits Remote Code Execution
3064| [1007537] Microsoft Internet Explorer Object Tag Flaw Lets Remote Users Execute Arbitrary Code
3065| [1007536] Microsoft Internet Explorer Cache Script Flaw Lets Remote Users Execute Code in the My Computer Zone
3066| [1007535] Microsoft MDAC Database Component Lets Remote Users Execute Arbitrary Code
3067| [1007507] RSA SecurID Interaction With Microsoft URLScan May Disclose URLScan Configuration to Remote Users
3068| [1007493] Microsoft Visual Studio Buffer Overflow in 'mciwndx.ocx' May Let Remote Users Execute Arbitrary Code
3069| [1007388] Microsoft WebServer Beta for Pocket PC Yields Administrative Access to Remote Users
3070| [1007364] IISShield May Fail to Drop a Specific Malformed HTTP Request
3071| [1007306] Microsoft Outlook Express Again Executes Scripting Code in Plain Text E-mail Messages
3072| [1007281] Microsoft Windows NT File Management Flaw May Let Remote Users Crash Certain Applications
3073| [1007280] Microsoft Data/Desktop Engine Named Pipe and LPC Flaws Let Local Users Execute Arbitrary Code
3074| [1007279] Microsoft SQL Server Named Pipe and LPC Flaws Let Local Users Execute Arbitrary Code
3075| [1007278] Microsoft DirectX Heap Overflow in Loading MIDI Files Lets Remote Users Execute Arbitrary Code
3076| [1007265] Microsoft MDAC ODBC Component May Store Database Passwords in Plaintext in the Registry
3077| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
3078| [1007214] Microsoft Windows XP Shell Buffer Overflow in Processing Folder Display Attributes Permits Remote Code Execution
3079| [1007212] Microsoft Windows Remote Procedure Call (RPC) Service Buffer Overflow in Processing DCOM Requests Allows Remote Code Execution
3080| [1007206] Microsoft SMTP Service Can Be Crashed By Remote Users Sending Mail With an Invalid FILETIME Header
3081| [1007205] Microsoft Exchange Server Can Be Crashed By Remote Users Sending Mail With an Invalid FILETIME Header
3082| [1007190] Microsoft Internet Explorer 'Chromeless' Window May Let Remote Users Spoof Various User Interface Characteristics
3083| [1007172] Microsoft Jet Database Engine Buffer Overflow May Let Remote Users Execute Arbitrary Code
3084| [1007154] Microsoft SMB Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
3085| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
3086| [1007133] Microsoft Outlook Web Access (OWA) May Disclose The User's OWA Password to Remote Users
3087| [1007126] Microsoft Internet Explorer Can By Crashed By Loading 'C:\aux' URL
3088| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
3089| [1007098] Microsoft Commerce Server Discloses SQL Server Password to Local Users
3090| [1007094] Microsoft NetMeeting Directory Traversal Flaw Lets Remote Users Execute Arbitrary Code
3091| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
3092| [1007072] Microsoft Internet Explorer Buffer Overflow in Processing Scripted 'HR' Tags Lets Remote Users Execute Arbitrary Code
3093| [1007057] Microsoft Windows Media Player Access Control Flaw Lets Remote Users View, Modify, and Delete Media Library Metadata
3094| [1007022] SurfControl for Microsoft ISA Server Discloses Files to Remote Users
3095| [1007008] Microsoft Internet Explorer XML Parsing Error Lets Remote Users Conduct Cross-Site Scripting Attacks
3096| [1007007] Microsoft Internet Explorer Custom HTTP Error Pages May Let Remote Users Execute Scripts in the Local Computer Zone
3097| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
3098| [1006924] Microsoft Internet Explorer Input Validation Flaw in Displaying FTP Site Names Lets Remote Users Execute Arbitrary Scripting Code in Arbitrary Domains
3099| [1006918] Microsoft Internet Explorer (IE) Object Tag Buffer Overflow Lets Remote Users Execute Arbitrary Code
3100| [1006901] Microsoft UrlScan Default Configuration Displays Identifying Characteristics to Remote Users
3101| [1006894] iisCART2000 Upload Authentication Error Lets Remote Users Upload and Execute Arbitrary Scripts
3102| [1006844] Microsoft Internet Connection Firewall Fails to Block IP Version 6 Protocol
3103| [1006829] iisPROTECT Input Validation Hole Lets Remote Users Execute SQL Stored Procedures
3104| [1006815] iisPROTECT Lets Remote Users Access Protected Files Using URL Encoding
3105| [1006809] Microsoft Outlook Express Lets Remote Users Silently Install Arbitrary Code Using Audio and Media Files
3106| [1006808] Microsoft Outlook Express May Be Affected by W32/Palyh@MM Mass-Mailing Worm
3107| [1006807] Microsoft Outlook May Be Affected by W32/Palyh@MM Mass-Mailing Worm
3108| [1006803] Microsoft Windows Can Be Crashed By Remote Users via Malformed NetMeeting URLs
3109| [1006789] Microsoft ISA Server Input Validation Flaw Lets Remote Users Execute Scripting Code in Arbitrary Security Domains
3110| [1006774] Microsoft Internet Explorer May Execute Arbitrary Code in the Wrong Security Domain When Processing Large Numbers of Download Requests
3111| [1006771] Microsoft Outlook Express Integer Overflow Lets Remote IMAP Servers Cause the Client to Crash
3112| [1006748] Microsoft Outlook Express May Be Affected by W32.Fizzer.A@mm Mass-Mailing Worm
3113| [1006747] Microsoft Outlook May Be Affected by W32.Fizzer.A@mm Mass-Mailing Worm
3114| [1006728] Microsoft .NET Passport Passwords, Including Hotmail Passwords, Can Be Changed By Remote Users
3115| [1006696] Microsoft Internet Explorer Web Folder Access Flaw Lets Remote Users Execute Arbitrary Scripting Code in the My Computer Zone
3116| [1006691] Microsoft MN-500 Wireless Base Station Backup Configuration File Discloses Administrator Password
3117| [1006686] Microsoft BizTalk Server Buffer Overflow Lets Remote Users Execute Arbitrary Code
3118| [1006634] Microsoft Internet Explorer Bugs (URLMON.DLL Buffer Overflow, File Upload Control Bypass, Plug-in URL Input Validation Flaw, CSS Modal Dialog Input Validation Flaw) Let Remote Users Execute Arbitrary Code or Access Local Files
3119| [1006608] Microsoft NTLM Authentication Protocol Flaw Lets Malicious SMB Servers Gain Access to Systems
3120| [1006599] Microsoft REGEDIT.EXE May Let Local Users Gain Elevated Privileges
3121| [1006588] Microsoft Windows OS Kernel Messaging Buffer Overflow Lets Local Users Gain Full Control of the System
3122| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
3123| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
3124| [1006533] Microsoft Firewall Service in ISA Server Has Unspecified Flaw That Lets Remote Users Stop Traffic
3125| [1006532] Microsoft Windows VM Input Validation Flaw in ByteCode Verifier Lets Malicious Java Applets Execute Arbitrary Code
3126| [1006447] Microsoft Windows Terminal Services RDP Implementation Does Not Validate Server Identity, Allowing Man-in-the-Middle Attacks
3127| [1006361] Microsoft ActiveSync Application Can Be Crashed By Remote Users
3128| [1006323] Microsoft Windows Buffer Overflow in Windows Script Engine JScript.DLL Lets Remote Users Execute Arbitrary Code
3129| [1006322] Microsoft ISA Server DNS Intrusion Detection Flaw Lets Remote Users Block DNS Inbound Requests
3130| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
3131| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
3132| [1006257] Microsoft Internet Explorer Buffer Overflow in Processing '.MHT' Web Archives Lets Remote Users Execute Arbitrary Code
3133| [1006179] Microsoft Windows Me Help and Support Center URL Handler Overflow Lets Remote Users Execute Arbitrary Code
3134| [1006169] Microsoft Internet Explorer Vulnerable Codebase Object Lets Remote Users Execute Arbitrary Code
3135| [1006148] Microsoft Outlook Express Security Domain Flaw Lets Remote Users Silently Install and Execute Arbitrary Code
3136| [1006121] Microsoft Windows 'riched20.DLL' Buffer Overflow May Let Remote Users Crash Applications
3137| [1006046] Microsoft Internet Explorer showHelp() Domain Security Flaw Lets Remote Users Execute Commands
3138| [1006045] Microsoft Windows XP Redirector Buffer Overflow May Let Local Users Gain System Level Privileges
3139| [1006036] Microsoft Internet Explorer May Let Remote Users Read or Write Files Via the dragDrop() Method
3140| [1006023] ColdFusion MX Configuration Error When Used With IIS and NT Authentication May Grant Unauthorized Access to Remote Authenticated Users
3141| [1005986] Microsoft Windows Terminal Server MSGINA.DLL Flaw Lets Remote Authenticated Users Reboot the Server
3142| [1005966] Microsoft Outlook May Fail to Encrypt User E-mail, Disclosing the Contents to Remote Users
3143| [1005964] Microsoft Locator Service Buffer Overflow Lets Remote Users Execute Arbitrary Code with System Level Privileges
3144| [1005859] Microsoft Windows File Protection Mechanism Weakness in Trusting Code-Signing Certificate Chains Lets Arbitrary Remote Users Sign Code That Will Be Trusted By Windows
3145| [1005858] Microsoft Windows File Protection Weakness May Let Local Users Replace Code With Previous Vulnerable Versions Without Detection
3146| [1005857] Microsoft Internet Explorer Bug in Loading Multimedia Files May Let Remote Users Execute Arbitrary Scripting Code in Other Domains
3147| [1005833] Microsoft Windows XP Shell Buffer Overflow in Processing Audio Files Allows Remote Users to Execute Arbitrary Code
3148| [1005799] Microsoft Windows OS Bug in Processing WM_TIMER Messages May Let Local Users Gain Elevated Privileges
3149| [1005796] Microsoft SMB Signing Flaw May Let Remote Users With Access to an SMB Session Gain Control of a Network Client
3150| [1005761] Microsoft Windows XP Wireless LAN Support May Disclose Access Point Information to Remote Users
3151| [1005757] Microsoft Outlook Bug in Processing Malformed E-mail Headers Lets Remote Users Crash the Client
3152| [1005747] Microsoft Internet Explorer showModalDialog() Input Validation Flaw Lets Remote Users Execute Arbitary Scripting Code in Any Security Zone
3153| [1005699] Microsoft Internet Explorer (IE) Java Class Loader Security Flaw Lets Remote Users Bypass Java Security Restrictions
3154| [1005698] Microsoft Java Virtual Machine (VM) Class Loader Security Flaw Lets Remote Users Bypass Java Security Restrictions
3155| [1005674] Microsoft Internet Explorer Buffer Overflow in Processing PNG Images Allows Denial of Service Attacks
3156| [1005672] Microsoft Internet Explorer MDAC Component Buffer Overflow Allows Remote Users to Execute Arbitrary Code
3157| [1005671] Microsoft Data Access Components (MDAC) Buffer Overflow Allows Remote Users to Execute Arbitrary Code
3158| [1005627] IISPop EMail Server Can Be Crashed By Remote Users
3159| [1005489] Microsoft Outlook Express May Fail to Delete E-mail Messages from Local Storage
3160| [1005466] Microsoft Internet Explorer Cached Object Flaw Lets Remote Users Execute Arbitrary Programs on the Target User's Computer
3161| [1005455] Microsoft Windows Remote Procedure Call (RPC) Service Null Pointer Dereference Allows Remote Users to Crash the Service
3162| [1005454] Microsoft Windows Media Player for Solaris Uses Unsafe Default Permissions
3163| [1005436] Microsoft Data Engine/Desktop Engine (MSDE) Bugs Let Remote Authenticated Users Create/Delete/Execute Web Tasks With SQL Server Agent Privileges
3164| [1005435] Microsoft SQL Server Bugs Let Remote Authenticated Users Create/Delete/Execute Web Tasks With SQL Server Agent Privileges
3165| [1005416] Microsoft Internet Explorer Flaw in WebBrowser Control Document Property Lets Remote Users Run Code in the My Computer Security Zone
3166| [1005405] Microsoft Outlook Express Buffer Overflow in Parsing S/MIME Messages Lets Remote Users Execute Arbitrary Code
3167| [1005395] Microsoft Content Management Server Input Validation Bug in 'ManualLogin.asp' Allows Cross-Site Scripting Attacks
3168| [1005377] Microsoft MSN Hotmail/Passport Login Page May Permit Cookie Stealing Via Cross-Site Scripting Attacks
3169| [1005343] Microsoft Windows Help System Bug in Processing Compiled HTML Help Files Lets Remote Users Execute Arbitrary Commands in the Local Computer Security Zone
3170| [1005339] Microsoft Services for Unix Interix SDK Bugs May Allow Denial of Service Conditions or May Execute Arbitrary Code
3171| [1005338] Microsoft Data/Desktop Engine (MSDE) Buffer Overflow Lets Remote Users Execute Arbitrary Code
3172| [1005337] Microsoft SQL Server Buffer Overflow Lets Remote Users Execute Arbitrary Code
3173| [1005336] Microsoft Windows Operating System Compressed Folders Allow Arbitrary Files to Be Created
3174| [1005335] Microsoft Windows Operating System Compressed Folders Allow Arbitrary Code to Be Executed
3175| [1005332] Microsoft Windows Help System Buffer Overflow in 'hhctrl.ocx' Lets Remote Users Execute Arbitrary Code
3176| [1005296] Microsoft PPTP Service Buffer Overflow May Let Remote Users Execute Arbitrary Code
3177| [1005287] Microsoft FrontPage Server Extensions SmartHTML Interpreter Bugs May Let Remote Users Execute Arbitrary Code with System Privileges
3178| [1005256] (Vendor Issues Fix) Microsoft Windows XP Remote Desktop Implementation Bug Lets Remote Users Crash the Operating System
3179| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
3180| [1005246] Microsoft Remote Desktop Protocol (RDP) Design Flaw May Disclose Information About the Unencrypted Data to Remote Users and May Let Data Be Modified During Transmission
3181| [1005243] Microsoft NetMeeting Remote Desktop Sharing Screen Saver Access Control Flaw Lets Physically Local Users Hijack Remote Sessions
3182| [1005242] Microsoft Windows XP Remote Desktop Can Be Crashed By Remote Users Sending a Modified RDP Packet
3183| [1005223] (Microsoft Responds) Microsoft Word Document Processing File Include Bug May Let Remote Users Obtain Files From a Target User's System
3184| [1005207] Microsoft Outlook Express Can Be Crashed By Remote Users Sending HTML Mail With Long Links Embedded
3185| [1005203] Microsoft Internet Explorer Frame Domain Security Bug Lets Remote Users Execute Arbitrary Code in the Local Computer Zone Via Frame URLs
3186| [1005200] Microsoft Internet Explorer Implementation Bugs in Java Native Methods May Let Remote Users Execute Arbitrary Code Via Malicious Applets
3187| [1005182] Microsoft Internet Explorer URL Decoding Inconsistency May Result in a Web Page Loading in the Incorrect Security Domain
3188| [1005177] Microsoft Visual FoxPro Filename Processing Bug Lets Remote Users Create HTML That Will Cause Arbitrary Code to Be Executed When the HTML is Loaded
3189| [1005150] Microsoft Windows Operating System Certificate Enrollment ActiveX Control Allows Remote Users to Delete Certificates on a Target User's System
3190| [1005128] Microsoft Internet Explorer XML Script Element Redirect Bug Lets Remote Users View XML Files on the Target User's Computer
3191| [1005127] Microsoft Visual Studio .NET Web Projects May Disclose the Web Directory Structure to Remote Users
3192| [1005123] Microsoft Internet Explorer Buffer Overflow in Unspecified Text Formatting ActiveX Control Lets Remote Users Execute Arbitrary Code
3193| [1005120] Microsoft Terminal Services Advanced Client (TSAC) ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code
3194| [1005119] Microsoft Operating System SMB Protocol Implementation in the Network
3195| [1005112] Microsoft File Transfer Manager ActiveX Control Buffer Overflow May Let Remote Users Execute Arbitrary Code
3196| [1005108] Microsoft Windows Media Player Allows Malicious Windows Media Download (.wmd) Files to Silently Create Files in a Known Location and Execute Them
3197| [1005075] Microsoft Internet Explorer XMLDSO Java Class Lets Remote HTML Code Access Local Files
3198| [1005071] Microsoft DirectX Files Viewer ActiveX Control Has Buffer Overflow That Allows Remote Users to Execute Arbitrary Code
3199| [1005070] Microsoft Internet Explorer (IE) Browser Error Message Processing Allows Remote Users to Execute Arbitrary Code on Certain Windows 98 Platforms
3200| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
3201| [1005067] Microsoft Desktop Engine (MSDE) Extended Stored Procedures May Let Local Users Execute Commands With Database Administrator Privileges
3202| [1005066] Microsoft SQL Server Extended Stored Procedures May Let Local Users Execute Commands With Database Administrator Privileges
3203| [1005065] Microsoft Network Connection Manager Could Give a Local User System Level Privileges
3204| [1005063] Microsoft Windows XP Help and Support Center Hole Lets Remote Users Create URLs That, When Loaded, Will Delete Arbitrary Files on Your System
3205| [1004986] Microsoft Content Management Server Buffer Overflow in Authentication Function May Allow Remote Users to Execute Arbitrary Code With System Level Privileges
3206| [1004983] Microsoft Visual C++ Flaw in calloc() and Similar Functions May Result in Buffer Overflows in Applications That Use the Compiler or Runtime Library
3207| [1004965] Microsoft Internet Explorer SSL Implementation Flaw in Following Certificate Chains Allows Remote Users to Conduct Man-in-the-Middle Attacks to Obtain Unencrypted Data from the Browser
3208| [1004927] Microsoft Terminal Services Can Be Crashed By Remote Users Conducting a TCP SYN Scan in Certain Situations
3209| [1004917] Microsoft SQL Server MDAC Function Buffer Overflow May Let Remote Users Execute Arbitrary Code to Gain Full Control Over the Database
3210| [1004877] Microsoft Internet Explorer (IE) Web Browser JavaScript 'Same Origin Policy' Flaw Allows Remote Users to Create Malicious JavaScript to Retrieve Web Data from a Victim's Internal Network
3211| [1004862] Microsoft Outlook Express Flaw in Parsing XML Using Internet Explorer Allows a Remote User to Silently Deliver and Install an Executable on a Target User's Computer
3212| [1004831] Microsoft Data Engine (MSDE) Buffer Overflow in Database Consistency Checker May Let Remote Authenticated Users Execute Arbitrary Code with the Privileges of the Database Service
3213| [1004830] Microsoft SQL Server Buffer Overflow in Database Consistency Checker May Let Remote Authenticated Users Execute Arbitrary Code with the Privileges of the Database Service
3214| [1004829] Microsoft SQL Server Resolution Service Buffer Overflows Let Remote Users Execute Arbitrary Code with the Privileges of the SQL Service
3215| [1004828] Microsoft Exchange Server Buffer Overflow in Processing SMTP EHLO Command Lets Remote Users Execute Arbitrary Code on the Server with System Level Privileges
3216| [1004827] Microsoft Metadirectory Services Authentication Flaw May Let Remote Users Modify Data and Obtain Elevated Privileges on the System
3217| [1004805] Microsoft Outlook Express (and Possibly Outlook) Has File Attachment Name Bugs That Let Remote Users Send Malicious Mail to Bypass Attachment Type Filters and Modify the Apparent File Name and File Size
3218| [1004761] Microsoft Foundation Classes (MFC) Information Server Application Programming Interface (ISAPI) 'mfc42.dll' Contains Buffer Overflows That Can Crash the System or Possibly Allow for the Remote Execution of Arbitrary Code
3219| [1004746] Microsoft Internet Explorer Flaw in OBJECT Domain Security Enforcement Lets Remote Users Execute Code in Arbitrary Domains
3220| [1004744] Microsoft SQL Server Install Process May Disclose Sensitive Passwords to Local Users
3221| [1004739] Microsoft SQL Server Desktop Engine (MSDE) Buffer Overflow and Access Control Bug May Let Remote Authorized Users Execute Code with Elevated Privileges, Possibly Including Local System Privileges
3222| [1004738] Microsoft SQL Server Buffer Overflow and Access Control Bug May Let Remote Authorized Users Execute Code with Elevated Privileges, Possibly Including Local System Privileges
3223| [1004637] Microsoft Commerce Server Buffer Overflows and Other Flaws Let Remote Users Execute Arbitrary Code with LocalSystem Privileges
3224| [1004618] Microsoft Internet Explorer Can Be Crashed By Malicious AVI Object in HTML
3225| [1004595] Microsoft Word Documents May Execute Remotely Supplied Macro Code Under Certain Conditions
3226| [1004594] Microsoft Excel Spreadsheet May Execute Remotely Supplied Macro Code Within Malicious Documents
3227| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
3228| [1004569] Microsoft Visual Studio .NET Korean Language Version Contains Nimda Virus
3229| [1004544] Microsoft SQL Server Buffer Overflow in 'pwdencrypt()' Function May Let Remote Authorized Users Execute Arbitrary Code
3230| [1004542] Lumigent Log Explorer Buffer Overflow May Let Remote Users Crash the Microsoft SQL Server Service or Execute Arbitrary Code on the System
3231| [1004541] Compaq Insight Manager May Include a Vulnerable Default Configuration of Microsoft MSDE/SQL Server That Allows Remote Users to Execute Commands on the System
3232| [1004529] Microsoft Remote Access Service (RAS) Phonebook Buffer Overflow May Let Local Users Execute Arbitrary Code with Local System Privileges
3233| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
3234| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
3235| [1004518] Microsoft Proxy Server Buffer Overflow in Processing Gopher Protocol Responses Allows Remote Users to Execute Code on the Server to Gain Full Control of the Server
3236| [1004517] Microsoft Internet Security and Acceleration Server (ISA) Buffer Overflow in Processing Gopher Protocol Responses Allows Remote Users to Execute Code on the Server to Gain Full Control of the Server
3237| [1004486] Microsoft ASP.NET Buffer Overflow in Processing Cookies in StateServer Mode May Let Remote Users Crash the Service or Execute Arbitrary Code on the Server
3238| [1004479] Microsoft Internet Explorer May Execute Remotely Supplied Scripting in the My Computer Zone if FTP Folder Viewing is Enabled
3239| [1004464] Microsoft Internet Explorer Buffer Overflow in Processing Gopher Protocol Responses Allows Remote Users to Execute Code on the Victim's Computer
3240| [1004441] Microsoft Windows Help System Buffer Overflows in 'htctrl.ocx' ActiveX Control May Let Remote Users Execute Arbitrary Code on a Target User's Computer By Sending Malicious HTML
3241| [1004436] Microsoft Internet Explorer Allows HTML-Delivered Compiled Help Files to Be Automatically Executed on the Target User's Computer
3242| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
3243| [1004372] Microsoft Excel Spreadsheet XML Stylesheet ActiveX Object Flaw Lets Remote Users Create Malicious Excel Spreadsheets That May Execute Arbitrary Code When Opened With the XML Stylesheet Option
3244| [1004369] Microsoft Active Directory May Have Bug That Allows Remote Users to Crash the Directory
3245| [1004361] Microsoft Date Engine (MSDE) Default Configuration Leaves Blank Password for System Administrator Account
3246| [1004360] Opty-Way Enterprise Glassworks Management Application Installs Microsoft Data Engine Insecurely, Allowing Remote Users to Execute Commands on the System
3247| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
3248| [1004304] Microsoft Internet Explorer (IE) New Content-Disposition Bugs May Let Remote Users Execute Arbitrary Code on the Victim's Computer
3249| [1004300] Microsoft Internet Explorer (IE) Zone Spoofing Hole Lets Remote Users Create HTML That, When Loaded, May Run in a Less-Secure IE Security Zone
3250| [1004290] Microsoft Internet Explorer Bugs in 'BGSOUND' and 'IFRAME' Tags Let Remote Users Create HTML That Will Cause Denial of Service Conditions or Will Access Special DOS Devices
3251| [1004251] Microsoft Exchange Instant Messenger ActiveX Control Has 'ResDLL' Parameter Buffer Overflow That Lets Remote Users Execute Arbitrary Code
3252| [1004250] Microsoft MSN Messenger Includes an ActiveX Control That Has 'ResDLL' Parameter Buffer Overflow That Lets Remote Users Execute Arbitrary Code
3253| [1004249] Microsoft MSN Chat Control ActiveX Control Has 'ResDLL' Parameter Buffer Overflow That Lets Remote Users Execute Arbitrary Code
3254| [1004236] L.Y.S.I.A.S. Lidik Web Server for Microsoft Windows Systems Lets Remote Users View Files Located Anywhere on the Partition
3255| [1004229] Microsoft Office 'Word Mail Merge' Feature Allows Remote Users to Cause Arbitrary Programs to Be Executed on the Target User's Computer
3256| [1004226] Microsoft MSN Messenger Instant Messaging Client Malformed Header Processing Flaw Lets Remote Users Crash the Client
3257| [1004197] Microsoft Internet Explorer Can Be Crashed By Incorrectly Sized XBM Graphics Files
3258| [1004157] Microsoft Outlook Weak Security Enforcement When Editing Messages with Microsoft Word Lets Remote Users Send Malicious Code to Outlook Recipients That Will Be Executed When Forwarded or Replied To
3259| [1004146] Microsoft Internet Explorer Browser Can Be Crashed By Remote HTML Containing Malicious Image Tags That Cause Infinite Processing Loops
3260| [1004130] Microsoft MSN Messenger Instant Messaging Client Discloses Buddy List to Local Users
3261| [1004121] Microsoft Internet Explorer Web Browser Can Be Crashed By Remote Users With OLE OBJECT Element Dependency Loops
3262| [1004109] Microsoft Distributed Transaction Coordinator Can Be Crashed By Remote Users Sending Malformed Packets
3263| [1004090] Microsoft Back Office Web Administration Authentication Mechanism Can Be Bypassed By Remote Users
3264| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
3265| [1004079] Microsoft Internet Explorer (IE) 'dialogArguments' Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks Against IE Users
3266| [1004051] Microsoft Outlook Express for Mac OS Has Buffer Overflow in Processing the 'file://' URL That Allows Remote Users to Cause Arbitrary Code to Be Executed
3267| [1004050] Microsoft Office for Mac OS Has Buffer Overflow in Processing the 'file://' URL That Allows Remote Users to Cause Arbitrary Code to Be Executed
3268| [1004049] Microsoft Internet Explorer for Mac OS Has Buffer Overflow in Processing the 'file://' URL That Allows Remote Users to Cause Arbitrary Code to Be Executed
3269| [1004048] Microsoft Word Object Creation Flaw Lets Remote Users Create ActiveX That Will Consume Memory on the Victim's Computer
3270| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
3271| [1004014] Microsoft Internet Information Server ASP HTTP Header Processing Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server
3272| [1004008] Microsoft Internet Information Server Comes With Code That Allows Remote Users to Conduct Cross-Site Scripting Attacks
3273| [1004005] Microsoft Internet Information Server Buffer Overflow in Chunked Encoding Mechanism Lets Remote Users Run Arbitrary Code on the Server
3274| [1004002] Microsoft Office Web Components Let Remote Users Determine if Specified Files Exist on Another User's Host
3275| [1004001] Microsoft Office Web Components Let Remote Users Gain Full Read and Write Control Over Another User's Clipboard, Even if Clipboard Access Via Scripts is Disabled
3276| [1004000] Microsoft Office Web Components Let Remote Users Write Code to Run in the Victim's Local Security Domain and Access Local or Remote Files
3277| [1003999] Microsoft Office Web Components in Office XP Lets Remote Users Cause Malicious Scripting to Be Executed By Another User's Browser Even If Scripting is Disabled
3278| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
3279| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
3280| [1003948] Microsoft Internet Explorer Cascading Style Sheets (CSS) Invalid Attribute Bug Lets Remote Users Read Portions of Files on the Victim's Computer
3281| [1003932] Microsoft Office XP Active Content Bug Lets Remote Users Cause Code to Be Executed on an Office User's Computer
3282| [1003922] Microsoft Outlook Web Access With SecurID Authentication May Allow Remote Users to Avoid the SecurID Authentication in Certain Cases
3283| [1003915] Microsoft Internet Explorer Browser Security Zone Flaw Lets Remote Users Cause Cookie-based Scripts to Be Executed on Another User's Browser in the Incorrect Security Domain
3284| [1003907] Microsoft Internet Explorer Discloses The Existence of and Details of Local Files to Remote Users
3285| [1003871] Microsoft .NET Unspecified Vulnerabilities May Allow a Remote User to Cause Arbitrary Code to Be Executed on Another User's Systems
3286| [1003856] Microsoft Internet Explorer Can Be Crashed By Malicious 'location.replace' Javascript
3287| [1003839] Microsoft Internet Explorer (IE) 6 Lets Remote Users Cause Files to Be Downloaded and Executed Without the Knowledge or Consent of the Victim
3288| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
3289| [1003800] A Multitude of Microsoft SQL Server Extended Stored Procedures Have Buffer Overflows That Allow Remote Users to Crash the Database Server or Execute Arbitrary Code on the Server to Gain Full Control of the System
3290| [1003764] Microsoft Windows Operating System Shell URL Handler Bug Lets Remote Users Create HTML That Could Cause Arbitrary Code to Be Executed on Another User's System in Certain Situations
3291| [1003756] Microsoft Internet Information Server 4.0 .HTR Web Application Lets Users Change Their Passwords When the NT Security Policy is Configured to Prohibit Password Changing
3292| [1003744] Microsoft SQL Server 'xp_dirtree' Buffer Overflow Lets Users Crash the Database Service
3293| [1003730] Microsoft Java Virtual Machine in Internet Explorer Lets Remote Malicious Applets Redirect Web Proxy Connections
3294| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
3295| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
3296| [1003686] Microsoft Windows SMTP Service Lets Remote Users Send or Relay Unauthorized Mail (including SPAM) Via the Server
3297| [1003685] Microsoft Exchange Server Lets Remote Users Send or Relay Unauthorized Mail (including SPAM) Via the Server
3298| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
3299| [1003633] Microsoft XML Core Services in Microsoft Windows XP Operating System Lets Remote Scripts Access and Send Local Files
3300| [1003630] Microsoft Internet Explorer Has Another Frame Domain Security Bug That Lets Remote Users View Files or Other Personal Information from a Victim's Computer By Using Malicious VBScripts
3301| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
3302| [1003611] Gator Plugin for Microsoft Internet Explorer Lets Remote Users Install Arbitrary Software on the User's Host
3303| [1003605] Microsoft SQL Server Buffer Overflow Lets Remote Users Crash the Server and May Allow Remote Code to Be Executed on the Database Server
3304| [1003597] Microsoft Outlook Web Access Discloses 'Include' Archive Files in the 'lib' Directory to Remote Users
3305| [1003591] Microsoft Windows Terminal Services May Cause the System's Screen Saver Lockout Mechanism to Fail in Certain Situations
3306| [1003582] Microsoft Internet Security Acceleration Server Can Be Affected By Remote Users Conducting a LAND Flood Attack
3307| [1003556] Microsoft Visual C++ Compiler Buffer Security Mode Does Not Eliminate Buffer Overflows in Compiled Applications
3308| [1003546] Microsoft Outlook E-mail Client May Display Potentially Malicious File Attachments Illegally Embedded Within Mail Headers
3309| [1003540] Microsoft Internet Explorer Browser MIME Flaw Causes 'text/plain' Pages to Be Displayed as HTML and Any Embedded Scripting to Be Executed By the Browser
3310| [1003538] NetWin CWMail Web-Mail Server Buffer Overflow Lets Remote Users Execute Arbitrary Code on the System With the Privileges of the IIS Web Server
3311| [1003519] Microsoft Internet Explorer (IE) HTML Directive Buffer Overflow Lets Remote Users Cause Arbitrary Code to Be Executed on Another User's Computer
3312| [1003517] Microsoft Internet Explorer (IE) 'Content-Type' Processing Hole Lets Remote Users Open Applications on Another User's Computer
3313| [1003516] Microsoft Internet Explorer (IE) Web Browser Has New Frame Domain Verification Bug That Lets Remote Users Obtain Files from Another User's Local File System
3314| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
3315| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
3316| [1003462] Microsoft Internet Explorer Web Browser Allows Cross-site Scripting Attacks Via Non-HTTP Servers
3317| [1003458] Microsoft Office v. X for Mac OS X Can Be Crashed By Remote Users Sending Malformed Product Identification Packets
3318| [1003446] Microsoft Internet Information Server Can Be Stopped By Local Users Removing Virtual Directories in a Shared Hosting Environment
3319| [1003434] Microsoft ASP.NET Web Application Framework Allows Cross Site Scritping Attacks and Discloses Path Information to Remote Users
3320| [1003420] Microsoft Site Server Commerce Edition Discloses Potentially Sensitive Administration Information and Source Code to Remote Users With Valid Accounts and Discloses User Passwords from the LDAP Directory to Anonymous Remote Users
3321| [1003419] Microsoft Site Server Commerce Edition Lets Remote Users With Valid NT Accounts Upload and Then Execute ASP Scripts on the Server or Consume Disk Space on the Server
3322| [1003415] Microsoft Distributed Transaction Coordinator (MSDTC) Service Can Be Crashed By Remote Users
3323| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
3324| [1003369] PGPfire Personal Firewall for Microsoft Windows Discloses Identifying Information to Remote Users
3325| [1003326] Microsoft Internet Explorer for Macintosh OS Executes Remotely Supplied Commands in AppleScripts
3326| [1003310] Microsoft Windows NT/2000 Authentication Lockout Bug May Record Successful Logins as Failed Login Attempts in Certain Situations
3327| [1003308] Microsoft Windows XP Manifest Processing Bug Lets Local Users Corrupt the System and Cause the Boot Process to Fail
3328| [1003257] Microsoft Windows XP Upgrade Effectively Removes Patches from Internet Explorer (IE) During Upgrade, Leaving Users Exposed to IE Vulnerabilities
3329| [1003239] Python Language Implementation on Microsoft Windows Allows a Remote Server to Access Files on a Web Surfing User's PC
3330| [1003228] Microsoft Windows Media Player Discloses Unique ID to Remote Users in the Default Configuration, Allowing Web Sites to Track Users
3331| [1003221] Microsoft Internet Explorer (IE) Default Configuration Allows HTML-based Scripts to Access Your Windows Clipboard Contents
3332| [1003215] Microsoft Internet Explorer Popup Object Tag Flaw Lets Remote Users Execute Programs on the Browser's Host
3333| [1003201] Microsoft Windows 95 Backup Utility Has Buffer Overflow That Could Cause Denial of Service Conditions
3334| [1003135] Microsoft Internet Explorer Can Be Crashed By Remote Users With Javascript That Calls an Endless Loop of Modeless Dialogs
3335| [1003121] Microsoft Windows XP Task Manager Will Not Kill Certain Processes
3336| [1003109] Microsoft Internet Explorer (IE) May Allow Malicious Javascript to Poll a User's System for Known Files
3337| [1003084] Microsoft Internet Explorer GetObject() Active Scripting Bug Lets Remote Code Access Files on the PC
3338| [1003050] Microsoft Internet Explorer Web Browser Can Be Crashed By Malicious Image Source Tag Javascript Supplied By Remote Users
3339| [1003049] Microsoft Internet Explorer (IE) Text Form Processing Flaw May Cause IE to Crash
3340| [1003043] PGP Plug-in For Microsoft Outlook May Fail to Encrypt E-mail in Certain Situations
3341| [1003042] Microsoft Internet Explorer Web Browser SSL Security Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks to Access Sensitive Information
3342| [1003041] Microsoft Windows XP Remote Desktop Client May Disclose Recently Used Account Names to Remote Users
3343| [1003040] Microsoft Excel Password Protection Flaw Lets Local Users Obtain Contents of Password-Protect Cells
3344| [1003033] Microsoft C Runtime Format String Flaw Lets Remote Users Crash the Microsoft SQL Server Service
3345| [1003032] Microsoft SQL Server Buffer Overflow Lets Remote Users Execute Arbitrary Code in the Security Context of the SQL Server
3346| [1003028] Microsoft Windows Universal Plug and Play Component Buffer Overflow Gives Remote Users System Level Access to Windows XP and 98/ME Hosts
3347| [1003024] Microsoft Internet Explorer (IE) Web Browser 'document.open()' Scripting Flaw Lets Remote Users Steal Cookies, Read Local Files, and Spoof Web Sites
3348| [1003003] Microsoft Windows XP Hot Key Function Lets Physically Local Users Execute Administrator Hot Key Functions in Certain Situations
3349| [1002986] Microsoft Internet Explorer Version 6 Lets Remote Scripts Access and Send Local Files
3350| [1002979] Microsoft Windows Explorer Discloses Stored FTP Passwords to Local Users
3351| [1002973] Microsoft Internet Explorer (IE 6) Browser May Automatically and Silently Execute Arbitrary Code from a Remote Web Site When the User Views a Web Page or HTML-based E-mail
3352| [1002957] Microsoft Internet Information Server Can Be Crashed By Remote Users With HTTP Requests Containing Invalid Content-Length Values
3353| [1002942] Microsoft Internet Explorer May Execute Javascript Contained Within an 'About:' URL in an Unauthorized Security Domain When the URL Contains an Extraneous '%' Character
3354| [1002926] Microsoft Windows Operating System File Locking Design May Allow Local Users to Block Group Policy Scripts
3355| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
3356| [1002919] Microsoft Internet Explorer Browser Can Be Crashed By Certain Image Tags
3357| [1002915] Microsoft Outlook Web Access for Exchange May Execute Remotely Supplied Scripts When a Recipient Views a Malicious E-mail Message
3358| [1002885] Microsoft Internet Explorer Can Be Crashed By Malicious Javascript Causing a Stack Overflow in setTimeout() Function
3359| [1002823] Microsoft Internet Explorer Fails to Enforce Cookie Prompting Preferences for Local Security Zone
3360| [1002820] Microsoft Internet Explorer Allows Malicious Web Pages to Spoof Downloadable File Types And Execute Code on the User's Computer When Opened Directly from the Browser
3361| [1002819] Microsoft Internet Explorer ActiveX Flaw Permits Remote Malicious HTML Code Containing an 'htmlfile' or 'htmlfile_FullWindowEmbed' Object to Access Local Files and Potentially Execute Commands
3362| [1002802] Microsoft Help and Support Center Software (helpctr.exe) Has Buffer Overflow That May Allow a Remote User to Cause Arbitrary Code to Be Executed on a User's PC
3363| [1002773] Titan Application Firewall for IIS Web Server Fails to Decode URLs, Letting Remote Users Bypass URL-based Firewall Restrictions
3364| [1002772] Microsoft Internet Explorer Cookie Disclosure Fix Discloses Patch Information to Remote Users
3365| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
3366| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
3367| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
3368| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
3369| [1002728] Microsoft SQL Server May Disclose Database Passwords When Creating Data Transformation Service (DTS) Packages
3370| [1002702] Microsoft Passport May Disclose Wallet Contents, Including Credit Card and Contact Information, to Remote Users
3371| [1002693] Microsoft Internet Security and Acceleration Server UDP Fragmentation Processing Can Cause 100% of CPU Resources to Be Consumed
3372| [1002601] Microsoft Windows Me Universal Plug and Play (UPnP) Ssdpsrv.exe Server Component Can Be Crashed by Remote Users
3373| [1002595] Microsoft Internet Explorer Has Fixed Security Zone for about: URLs and Has Shared Cookie Flaw That Diminishes Cross-Site Scripting Protections
3374| [1002594] Microsoft Internet Explorer for Mac OS X is Configured to Automatically Execute Downloaded Files
3375| [1002581] Microsoft Terminal Servers Can Be Crashed By Remote Users Sending Certain Remote Desktop Protocol (RDP) Packets
3376| [1002560] Internet Explorer Sends Potentially Sensitive Web Browser Contents to Microsoft via the Network When an Error Occurs
3377| [1002559] Microsoft Office XP Sends Potentially Sensitive Information to Microsoft Via the Network When an Error Occurs
3378| [1002526] Microsoft Internet Explorer (IE) Web Browser Has Multiple URL-related Flaws That May Allow for Remote Code Execution, Remote HTTP Request Generation, and Application of Incorrect Security Restrictions
3379| [1002519] TYPSoft FTP Server for Microsoft Windows Can Be Crashed by Remote Users
3380| [1002487] Microsoft PowerPoint Macro Security Features Can Be Bypassed by Malformed PowerPoint Documents
3381| [1002486] Microsoft Excel Macro Security Features Can Be Bypassed by Malformed Excel Documents
3382| [1002456] Microsoft Outlook Web Access Directory Validation Flaw Lets Remote Users Consume CPU Resources by Requesting Mail from Nested Folders
3383| [1002421] Microsoft Index Server Sample File Discloses File Information to Remote Users
3384| [1002418] Counterpane's Password Safe Password Encryption Utility for Microsoft Windows May Disclose Passwords to Local Users in Certain Situations
3385| [1002413] Microsoft Outlook Express Will Execute Active Scripting in Plain Text E-mail Messages, Circumventing Some Scripting Controls
3386| [1002394] Microsoft Windows NT Remote Procedure Call (RPC) Services Can Be Crashed With Malformed Packets
3387| [1002385] Norton Anti-Virus For Microsoft Exchange Discloses User Path Information to Remote Users
3388| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
3389| [1002331] Internet Security Systems RealSecure Intrusion Detection Misses '%u' Encoded Attacks Against Microsoft Web Servers
3390| [1002330] Cisco Catalyst 6000 Intrusion Detection System Module Fails to Detect '%u' Encoding Obfuscation Attacks Against Microsoft Web Servers
3391| [1002329] Dragon Sensor Intrusion Detection System Does Not Detect Certain Attacks Against Microsoft Web Servers
3392| [1002327] Snort Network Intrusion Detection System Will Not Detect '%u' URL Encoding Attacks Against Microsoft Web Servers
3393| [1002326] Cisco Secure Intrusion Detection System (NetRanger) Fails to Detect Certain Attacks Against Microsoft Web Servers
3394| [1002317] Microsoft DNS Server Software Susceptible to DNS Cache Poisoning in Default Configuration, Allowing Remote Users to Inject False DNS Records in Certain Situations
3395| [1002269] Microsoft Outlook Web Access with SSL Can Be Crashed by Remote Users
3396| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
3397| [1002201] Microsoft Windows TCP/IP Stack Vulnerable to a Certain Man-in-the-Middle Denial of Service Attack
3398| [1002197] Microsoft Windows NNTP Network News Service Has a Memory Leak That Allows Remote Users to Cause the Server to Crash
3399| [1002124] Microsoft Windows 98 Operating System Can Be Crashed When Running a Web Server or Other Servers And the AUX Device is Accessed By the Program
3400| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
3401| [1002105] Microsoft SQL Database Server RPC Input Validation Failure Lets Remote Users Crash the Database Service
3402| [1002104] Microsoft Exchange Server RPC Input Validation Failure Lets Remote Users Crash the Exchange Service
3403| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
3404| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
3405| [1002075] Microsoft Services for Unix Memory Leak in Telnet and NFS Services Allows Remote Users to Crash the Operating System
3406| [1002028] Microsoft Exchange LDAP Service Can Be Crashed By Remote Users
3407| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
3408| [1001992] Microsoft Windows NT Lets Remote Users Cause Increased Packet Overhead and Increased CPU Resource Consumption
3409| [1001984] Microsoft Outlook Allows Rogue HTML to Execute Arbitrary Commands on the User's Host
3410| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
3411| [1001923] Microsoft's Internet Information Server's ASP Processor Can Be Crashed by Remote Users in Certain Situations
3412| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
3413| [1001819] Microsoft NetMeeting Can Be Crashed By Remote Users
3414| [1001816] Microsoft Visual Studio RAD Support Component of FrontPage Lets Remote Users Execute Arbitrary Code on the FrontPage Server
3415| [1001815] Microsoft Word May Execute Macros in Malformed Word Documents Without Warning Even if Macros are Disabled
3416| [1001775] Microsoft Index Server Lets Remote Users Execute Arbitrary Code With System Level Privileges, Giving Remote Users Full Control of the Operating System
3417| [1001734] Microsoft SQL Server May Let Remote Authenticated Users Take Full Control of the Database Server and the Underlying Operating System
3418| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
3419| [1001699] Microsoft Internet Explorer Web Browser May Allow Remote Users to Read Some Text Files on the Browser's Hard Drive
3420| [1001696] Microsoft Exchange Server's Outlook Web Access (OWA) Lets Remote Users Execute Arbitrary Code on the OWA User's Web Browser
3421| [1001687] Microsoft Outlook Express May Allow A Remote User to Obtain E-mail Destined for a Different User
3422| [1001661] Microsoft Hotmail May Allow a Worm to Send Mail to Other Destinations Listed in a Remote User's Inbox
3423| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
3424| [1001603] Microsoft Windows Media Player May Allow Remote Users to Execute Code Contained in Internet Shortcuts and View Files on the Media Player's Host
3425| [1001587] Microsoft Word for Windows and for Mac May Run Macros Linked By RTF Documents Without Warning
3426| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
3427| [1001562] Microsoft Internet Explorer Allows Remote Web Sites to Cause a Different Web URL Address to Be Displayed in the Browser's Address Bar, Allowing Rogue Web Sites to Spoof the Browser and Masquerade as Different Web Sites
3428| [1001561] Microsoft Internet Explorer Web Browser Fails To Validate Digital Certificates in Some Configurations, Allowing Rogue Secure Web Sites to Spoof the Browser and Masquerade as a Different Secure Web Site
3429| [1001538] Older Version of Microsoft Internet Explorer Web Browser Can Be Crashed By Remote Users
3430| [1001537] Microsoft's Internet Information Server's FTP Services May Give Remote Users Information About User Account Names on the Server's Domain and Trusted Domains
3431| [1001535] Microsoft's Internet Information Server's FTP Services Can Be Crashed By Remote Users
3432| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
3433| [1001512] Microsoft Index Server for NT Can Be Crashed By Local Users, Allows Local Users to Execute Arbitrary Code With System Level Privileges, and Lets Remote Users View Certain Include Files
3434| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
3435| [1001467] Microsoft Windows Media Player ASX Processing Vulnerability Lets Remote Users Execute Arbitrary Code on the Player's Host System
3436| [1001445] Microsoft Internet Security and Acceleration Server May Allow Remote Users to Execute Arbitrary Code on the Firewall
3437| [1001424] Microsoft Internet Explorer Can Consume All Memory Due to Malicious HTML Code
3438| [1001380] Microsoft Internet Explorer and Outlook Express May Execute Arbitrary Code Without User Authorization or Intervention
3439| [1001360] Microsoft Windows Operating System DLL May Allow Malicious Remote Scripts to Run Code on the User's Host Without the User's Intervention
3440| [1001344] Microsoft Internet Explorer May Not Display File Extensions in Certain Cases
3441| [1001330] Microsoft ActiveSync Software for Portable Computing Devices Allows Portable Devices to Access Files on a Locked Server
3442| [1001319] Microsoft Internet Security and Acceleration Server Can Be Crashed By Remote Users
3443| [1001311] Netscape's SmartDownload Can Automatically Execute Arbitrary Code Without User Intervention or Knowledge for Both Netscape and Microsoft Browsers
3444| [1001255] Microsoft's Ping.exe Allows Local Users to Cause Certain Applications to Crash
3445| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
3446| [1001221] E-Mail Clients that use Microsoft Internet Explorer to Process HTML May Disguise Executable Attachments as Data Files
3447| [1001219] Microsoft's Internet Security and Acceleration Server Performance Can Be Significantly Affected By Remote Users Under Certain Configurations
3448| [1001216] Microsoft Internet Explorer Can Be Made to Execute Arbitrary Files on the User's Computer
3449| [1001211] TrendMicro's ScanMail E-Mail Virus Scanner for Microsoft Exchange Discloses Administrative System Usernames and Passwords
3450| [1001210] Microsoft Internet Explorer Allows Malicious Web Pages to Retrieve Files from the User's Computer
3451| [1001209] Microsoft Telnet Can Be Crashed Locally, Causing Other Applications Including Outlook Express To Crash
3452| [1001197] Microsoft Internet Explorer May Automatically Execute Certain E-mail Attachments
3453| [1001187] Microsoft Internet Explorer Is Vulnerable to Malicious Web Pages That May Obtain the User's Exchange E-mail Messages and May Access Restricted Web Server Directory Listings
3454| [1001186] Microsoft Windows Me Operating System and Windows 98 with the Plus! 98 Package Disclose Data Compression Passwords
3455| [1001172] Microsoft Visual Studio Could Allow Users to Crash the Debugger or to Execute Code on the Server
3456| [1001163] Microsoft's Dr. Watson Diagnostic Utility May Reveal Passwords and Other Sensitive Information
3457| [1001147] Microsoft Outlook Express Crashes When Reading Certain E-mail Messages
3458| [1001142] Microsoft Internet Explorer Does Not Check for Revoked Digital Certificates (Two Fraudlent Certificates Are Known to Exist)
3459| [1001139] SurfControl for Microsoft Proxy Server May Fail to Block Sites
3460| [1001123] Microsoft's FTP Server May Allow Remote Users to Deny Service on the Server
3461| [1001110] A Microsoft German-Language Hotfix for Windows NT 4 Incorrectly Displays Some Security Events as Other Security Events
3462| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
3463|
3464| OSVDB - http://www.osvdb.org:
3465| [91195] Microsoft Windows 7 Unspecified ASLR Protection Mechanism Bypass
3466| [91194] Microsoft Windows 7 Kernel Unspecified Local Privilege Escalation (pwn2own)
3467| [91193] Microsoft Windows 7 Unspecified ASLR / DEP Protection Mechanism Bypass (pwn2own)
3468| [85619] Microsoft Windows Phone 7 X.509 Certificate Subject's Common Name (CN) Field Domain Name Validation Multiple Protocol SSL Server MitM Spoofing Weakness
3469| [67783] Microsoft Windows SDK for Windows 7 / .NET Framework 4 GraphEdit Path Subversion Arbitrary DLL Injection Code Execution
3470| [87555] Adobe ColdFusion for Microsoft IIS Unspecified DoS
3471| [87262] Microsoft IIS FTP Command Injection Information Disclosure
3472| [87261] Microsoft IIS Log File Permission Weakness Local Password Disclosure
3473| [86899] Microsoft IIS 302 Redirect Message Internal IP Address Remote Disclosure
3474| [83771] Microsoft IIS Tilde Character Request Parsing File / Folder Name Information Disclosure
3475| [83454] Microsoft IIS ODBC Tool ctguestb.idc Unauthenticated Remote DSN Initialization
3476| [83386] Microsoft IIS Non-existent IDC File Request Web Root Path Disclosure
3477| [82848] Microsoft IIS $INDEX_ALLOCATION Data Stream Request Authentication Bypass
3478| [76237] Microsoft Forefront Unified Access Gateway IIS NULL Session Cookie Parsing Remote DoS
3479| [71856] Microsoft IIS Status Header Handling Remote Overflow
3480| [70167] Microsoft IIS FTP Server Telnet IAC Character Handling Overflow
3481| [67980] Microsoft IIS Unspecified Remote Directory Authentication Bypass
3482| [67979] Microsoft IIS FastCGI Request Header Handling Remote Overflow
3483| [67978] Microsoft IIS Repeated Parameter Request Unspecified Remote DoS
3484| [66160] Microsoft IIS Basic Authentication NTFS Stream Name Permissions Bypass
3485| [65216] Microsoft IIS Extended Protection for Authentication Memory Corruption
3486| [62229] Microsoft IIS Crafted DNS Response Inverse Lookup Log Corruption XSS
3487| [61432] Microsoft IIS Colon Safe Extension NTFS ADS Filename Syntax Arbitrary Remote File Creation
3488| [61294] Microsoft IIS ASP Crafted semicolon Extension Security Bypass
3489| [61249] Microsoft IIS ctss.idc table Parameter SQL Injection
3490| [59892] Microsoft IIS Malformed Host Header Remote DoS
3491| [59621] Microsoft IIS CodeBrws.asp Off-By-One File Check Bypass Source Disclosure
3492| [59561] Microsoft IIS CodeBrws.asp Encoded Traversal Arbitrary File Source Disclosure
3493| [59360] Microsoft IIS ASP Page Visual Basic Script Malformed Regex Parsing DoS
3494| [57753] Microsoft IIS FTP Server Crafted Recursive Listing Remote DoS
3495| [57589] Microsoft IIS FTP Server NLST Command Remote Overflow
3496| [56474] Microsoft IIS WebDAV Extension URL Decode Crafted HTTP Request Authentication Bypass
3497| [55269] Microsoft IIS Traversal GET Request Remote DoS
3498| [54555] Microsoft IIS WebDAV Unicode URI Request Authentication Bypass
3499| [52924] Microsoft IIS WebDAV PROPFIND Method Forced Directory Listing
3500| [52680] Microsoft IIS httpext.dll WebDav LOCK Method Nonexistent File Request Parsing Memory Exhaustion Remote DoS
3501| [52238] Microsoft IIS IDC Extension XSS
3502| [49899] Microsoft IIS iissext.dll Unspecified ActiveX SetPassword Method Remote Password Manipulation
3503| [49730] Microsoft IIS ActiveX (adsiis.dll) GetObject Method Remote DoS
3504| [49059] Microsoft IIS IPP Service Unspecified Remote Overflow
3505| [45583] Microsoft IIS w/ Visual Interdev Unspecified Authentication Bypass
3506| [43451] Microsoft IIS HTTP Request Smuggling
3507| [41456] Microsoft IIS File Change Handling Local Privilege Escalation
3508| [41445] Microsoft IIS ASP Web Page Input Unspecified Arbitrary Code Execution
3509| [41091] Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass
3510| [41063] Microsoft IIS ODBC Tool newdsn.exe Remote DSN Creation
3511| [41057] Microsoft IIS w/ .NET MS-DOS Device Request Blacklist Bypass
3512| [35950] Microsoft IIS IUSR_Machine Account Arbitrary Non-EXE Command Execution
3513| [33457] Microsoft IIS Crafted TCP Connection Range Header DoS
3514| [28260] Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure
3515| [27152] Microsoft Windows IIS ASP Page Processing Overflow
3516| [27087] Microsoft IIS SMTP Encapsulated SMTP Address Open Relay
3517| [23590] Microsoft IIS Traversal Arbitrary FPSE File Access
3518| [21805] Microsoft IIS Crafted URL Remote DoS
3519| [21537] Microsoft IIS Log File Permission Weakness Remote Modification
3520| [18926] Microsoft IIS SERVER_NAME Variable Spoofing Filter Bypass
3521| [17124] Microsoft IIS Malformed WebDAV Request DoS
3522| [17123] Microsoft IIS Multiple Unspecified Admin Pages XSS
3523| [17122] Microsoft IIS Permission Weakness .COM File Upload
3524| [15749] Microsoft IIS / Site Server code.asp Arbitrary File Access
3525| [15342] Microsoft IIS Persistent FTP Banner Information Disclosure
3526| [14229] Microsoft IIS asp.dll Scripting.FileSystemObject Malformed Program DoS
3527| [13985] Microsoft IIS Malformed HTTP Request Log Entry Spoofing
3528| [13760] Microsoft IIS Malformed URL Request DoS
3529| [13759] Microsoft IIS ISAPI .ASP Parser Script Tag LANGUAGE Argument Overflow
3530| [13634] Microsoft IIS Inetinfo.exe Malformed Long Mail File Name DoS
3531| [13558] Microsoft IIS SSL Request Resource Exhaustion DoS
3532| [13507] Microsoft IIS showfile.asp FileSystemObject Arbitrary File Access
3533| [13479] Microsoft IIS for Far East Parsed Page Source Disclosure
3534| [13473] Microsoft IIS on FAT Partition Local ASP Source Disclosure
3535| [13439] Microsoft IIS HTTP Request Malformed Content-Length Parsing Remote DoS
3536| [13433] Microsoft IIS WebDAV MKCOL Method Location Server Header Internal IP Disclosure
3537| [13432] Microsoft IIS WebDAV WRITE Location Server Header Internal IP Disclosure
3538| [13431] Microsoft IIS WebDAV Malformed PROPFIND Request Internal IP Disclosure
3539| [13430] Microsoft IIS aexp4.htr Password Policy Bypass
3540| [13429] Microsoft IIS aexp3.htr Password Policy Bypass
3541| [13428] Microsoft IIS aexp2b.htr Password Policy Bypass
3542| [13427] Microsoft IIS aexp2.htr Password Policy Bypass
3543| [13426] Microsoft IIS NTLM Authentication Request Parsing Remote Information Disclosure
3544| [13385] Microsoft IIS WebDAV Long PROPFIND/SEARCH Request DoS
3545| [11455] Microsoft IIS / PWS DOS Filename Request Access Bypass
3546| [11452] Microsoft IIS Double Byte Code Arbitrary Source Disclosure
3547| [11277] Microsoft IIS SSL ISAPI Filter Cleartext Information Disclosure
3548| [11257] Microsoft IIS Malformed GET Request DoS
3549| [11157] Microsoft IIS FTP Service PASV Connection Saturation DoS
3550| [11101] Microsoft IIS Multiple Slash ASP Page Request DoS
3551| [9315] Microsoft IIS getdrvs.exe ODBC Sample Information Disclosure
3552| [9314] Microsoft IIS mkilog.exe ODBC Sample Arbitrary Command Execution
3553| [9200] Microsoft IIS Unspecified XSS Variant
3554| [9199] Microsoft IIS shtml.dll XSS
3555| [8098] Microsoft IIS Virtual Directory ASP Source Disclosure
3556| [7807] Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure
3557| [7737] Microsoft IIS ASP Redirection Function XSS
3558| [7265] Microsoft IIS .ASP Session ID Disclosure and Hijacking
3559| [5851] Microsoft IIS Single Dot Source Code Disclosure
3560| [5736] Microsoft IIS Relative Path System Privilege Escalation
3561| [5693] Microsoft MS00-060 Patch IIS Malformed Request DoS
3562| [5633] Microsoft IIS Invalid WebDAV Request DoS
3563| [5606] Microsoft IIS WebDAV PROPFIND Request DoS
3564| [5584] Microsoft IIS URL Redirection Malformed Length DoS
3565| [5566] Microsoft IIS Form_VBScript.asp XSS
3566| [5316] Microsoft IIS ISAPI HTR Chunked Encoding Overflow
3567| [4864] Microsoft IIS TRACK Logging Failure
3568| [4863] Microsoft IIS Active Server Page Header DoS
3569| [4791] Microsoft IIS Response Object DoS
3570| [4655] Microsoft IIS ssinc.dll Long Filename Overflow
3571| [4535] Microsoft Media Services ISAPI nsiislog.dll POST Overflow
3572| [3512] Microsoft IIS ODBC Tool getdrvrs.exe Remote DSN Creation
3573| [3500] Microsoft IIS fpcount.exe Remote Overflow
3574| [3341] Microsoft IIS Redirect Response XSS
3575| [3339] Microsoft IIS HTTP Error Page XSS
3576| [3338] Microsoft IIS Help File XSS
3577| [3328] Microsoft IIS FTP Status Request DoS
3578| [3326] Microsoft IIS w3svc.dll ISAPI Filter URL Handling Remote DoS
3579| [3325] Microsoft IIS HTR ISAPI Overflow
3580| [3323] Microsoft IIS ISAPI .printer Extension Host Header Overflow
3581| [3320] Microsoft IIS ASP Server-Side Include Buffer Overflow
3582| [3316] Microsoft IIS HTTP Header Field Delimiter Overflow
3583| [3301] Microsoft IIS ASP Chunked Encoding Variant Heap Overflow
3584| [3284] Microsoft IIS Winmsdp.exe Arbitrary File Retrieval
3585| [3231] Microsoft IIS Log Bypass
3586| [2106] Microsoft Media Services ISAPI nsiislog.dll Overflow
3587| [1931] Microsoft IIS MIME Content-Type Header DoS
3588| [1930] Microsoft IIS SSI ssinc.dll Filename Handling Overflow
3589| [1826] Microsoft IIS Domain Guest Account Disclosure
3590| [1824] Microsoft IIS FTP DoS
3591| [1804] Microsoft IIS Long Request Parsing Remote DoS
3592| [1770] Microsoft IIS WebDAV Malformed PROPFIND Request Remote DoS
3593| [1750] Microsoft IIS File Fragment Disclosure
3594| [1543] Microsoft NT/IIS Invalid URL Request DoS
3595| [1504] Microsoft IIS File Permission Canonicalization Bypass
3596| [1465] Microsoft IIS .htr Missing Variable DoS
3597| [1325] Microsoft IIS Malformed Filename Request File Fragment Disclosure
3598| [1322] Microsoft IIS Malformed .htr Request DoS
3599| [1281] Microsoft IIS Escaped Character Saturation Remote DoS
3600| [1261] Microsoft IIS Chunked Transfer Encoding Remote Overflow DoS
3601| [1210] Microsoft IIS WebHits.dll ISAPI Filter Traversal Arbitrary File Access
3602| [1170] Microsoft IIS Escape Character URL Access Bypass
3603| [1083] Microsoft IIS FTP NO ACCESS Read/Delete File
3604| [1082] Microsoft IIS Domain Resolution Access Bypass
3605| [1041] Microsoft IIS Malformed HTTP Request Header DoS
3606| [1020] Microsoft IIS ISAPI GetExtensionVersion() Privilege Escalation
3607| [930] Microsoft IIS Shared ASP Cache Information Disclosure
3608| [929] Microsoft IIS FTP Server NLST Command Overflow
3609| [928] Microsoft IIS Long Request Log Evasion
3610| [815] Microsoft IIS ASP.NET trace.axd Application Tracing Information Disclosure
3611| [814] Microsoft IIS global.asa Remote Information Disclosure
3612| [782] Microsoft IIS / Site Server codebrws.asp Arbitrary File Access
3613| [771] Microsoft IIS Hosting Process (dllhost.exe) Out of Process Application Unspecified Privilege Escalation
3614| [768] Microsoft IIS ASP Chunked Encoding Heap Overflow
3615| [636] Microsoft IIS sqlqhit.asp Sample Script CiScope Parameter Information Disclosure
3616| [630] Microsoft IIS Multiple Malformed Header Field Internal IP Address Disclosure
3617| [568] Microsoft IIS idq.dll IDA/IDQ ISAPI Remote Overflow
3618| [564] Microsoft IIS ISM.dll Fragmented Source Disclosure
3619| [556] Microsoft IIS/PWS Encoded Filename Arbitrary Command Execution
3620| [525] Microsoft IIS Webserver Invalid Filename Request Arbitrary Command Execution
3621| [482] Microsoft IIS FrontPage Server Extensions (FPSE) Malformed Form DoS
3622| [475] Microsoft IIS bdir.htr Arbitrary Directory Listing
3623| [474] Microsoft IIS / Site Server viewcode.asp Arbitrary File Access
3624| [473] Microsoft IIS Multiple .cnf File Information Disclosure
3625| [471] Microsoft IIS ServerVariables_Jscript.asp Path Disclosure
3626| [470] Microsoft IIS Form_JScript.asp XSS
3627| [463] Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow
3628| [436] Microsoft IIS Unicode Remote Command Execution
3629| [425] Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing
3630| [391] Microsoft IIS IDA/IDQ Document Root Path Disclosure
3631| [390] Microsoft IIS Translate f: Request ASP Source Disclosure
3632| [308] Microsoft IIS Malformed File Extension URL DoS
3633| [285] Microsoft IIS repost.asp File Upload
3634| [284] Microsoft IIS IISADMPWD Virtual Directory Information Enumeration
3635| [283] Microsoft IIS /iissamples Multiple Sample Scripts Installed
3636| [277] Microsoft IIS / PWS %2e Request ASP Source Disclosure
3637| [276] Microsoft IIS ASP::$DATA Stream Request ASP Source Disclosure
3638| [275] Microsoft IIS newdsn.exe Remote Arbitrary File Creation
3639| [274] Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution
3640| [273] Microsoft IIS Upgrade ism.dll Local Privilege Escalation
3641| [272] Microsoft IIS MDAC RDS Arbitrary Remote Command Execution
3642| [271] Microsoft IIS WebHits null.htw .asp Source Disclosure
3643| [98] Microsoft IIS perl.exe HTTP Path Disclosure
3644| [97] Microsoft IIS ISM.DLL HTR Request Overflow
3645| [96] Microsoft IIS idq.dll Traversal Arbitrary File Access
3646| [7] Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access
3647| [4] Microsoft IIS ExAir advsearch.asp Direct Request Remote DoS
3648| [3] Microsoft IIS ExAir query.asp Direct Request Remote DoS
3649| [2] Microsoft IIS ExAir search.asp Direct Request DoS
3650|_
3651Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3652Device type: general purpose|specialized|phone
3653Running (JUST GUESSING): Microsoft Windows 2008|7|Vista|8.1|Phone (89%)
3654OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_8.1:r1 cpe:/o:microsoft:windows
3655Aggressive OS guesses: Microsoft Windows Server 2008 R2 or Windows 8 (89%), Microsoft Windows 7 SP1 (89%), Microsoft Windows Server 2008 R2 (88%), Microsoft Windows Server 2008 R2 SP1 or Windows 8 (88%), Microsoft Windows 7 Professional or Windows 8 (88%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 or 2008 R2 SP1 (88%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (88%), Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008 (88%), Microsoft Windows Vista SP2 (88%), Microsoft Windows Server 2008 (87%)
3656No exact OS matches for host (test conditions non-ideal).
3657Uptime guess: 197.158 days (since Tue Apr 30 10:08:48 2019)
3658Network Distance: 19 hops
3659TCP Sequence Prediction: Difficulty=252 (Good luck!)
3660IP ID Sequence Generation: Busy server or unknown class
3661Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
3662
3663TRACEROUTE (using port 80/tcp)
3664HOP RTT ADDRESS
36651 141.51 ms 10.209.200.1
36662 ...
36673 142.72 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
36684 142.52 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
36695 147.53 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
36706 143.14 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
36717 142.79 ms level3.sto01.atlas.cogentco.com (130.117.14.6)
36728 174.38 ms ae-2-3203.edge1.Budapest1.Level3.net (4.69.143.122)
36739 ... 14
367415 214.23 ms 06-balgat-t3-1---06-balgat-t2-2.statik.turktelekom.com.tr (195.175.169.187)
367516 213.65 ms 176.117.97.66
367617 216.34 ms 176.117.97.66
367718 ...
367819 217.43 ms 176.117.96.21
3679
3680NSE: Script Post-scanning.
3681Initiating NSE at 12:56
3682Completed NSE at 12:56, 0.00s elapsed
3683Initiating NSE at 12:56
3684Completed NSE at 12:56, 0.00s elapsed
3685#######################################################################################################################################
3686https://176.117.96.21 [302 Found] Country[TURKEY][TR], HTTPServer[Microsoft-IIS/7.5], IP[176.117.96.21], Microsoft-IIS[7.5], Microsoft-Sharepoint[15.0.0.4420], RedirectLocation[https://176.117.96.21/SitePages/default.aspx], Title[Document Moved], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN], X-Powered-By[ASP.NET]
3687https://176.117.96.21/SitePages/default.aspx [200 OK] ASP_NET[4.0.30319], Country[TURKEY][TR], HTTPServer[Microsoft-IIS/7.5], IP[176.117.96.21], Microsoft-IIS[7.5], Microsoft-Sharepoint[15.0.0.4420], Script[text/javascript], Title[Untitled 1][Title element contains newline(s)!], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN], X-Powered-By[ASP.NET], X-UA-Compatible[IE=10]
3688#######################################################################################################################################
3689Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-13 12:56 EST
3690NSE: Loaded 163 scripts for scanning.
3691NSE: Script Pre-scanning.
3692Initiating NSE at 12:56
3693Completed NSE at 12:56, 0.00s elapsed
3694Initiating NSE at 12:56
3695Completed NSE at 12:56, 0.00s elapsed
3696Initiating Parallel DNS resolution of 1 host. at 12:56
3697Completed Parallel DNS resolution of 1 host. at 12:56, 0.02s elapsed
3698Initiating SYN Stealth Scan at 12:56
3699Scanning 176.117.96.21 [1 port]
3700Discovered open port 443/tcp on 176.117.96.21
3701Completed SYN Stealth Scan at 12:56, 0.26s elapsed (1 total ports)
3702Initiating Service scan at 12:56
3703Scanning 1 service on 176.117.96.21
3704Completed Service scan at 12:57, 14.45s elapsed (1 service on 1 host)
3705Initiating OS detection (try #1) against 176.117.96.21
3706Retrying OS detection (try #2) against 176.117.96.21
3707Initiating Traceroute at 12:57
3708Completed Traceroute at 12:57, 3.20s elapsed
3709Initiating Parallel DNS resolution of 14 hosts. at 12:57
3710Completed Parallel DNS resolution of 14 hosts. at 12:57, 0.44s elapsed
3711NSE: Script scanning 176.117.96.21.
3712Initiating NSE at 12:57
3713NSE Timing: About 37.46% done; ETC: 12:58 (0:00:52 remaining)
3714NSE Timing: About 70.83% done; ETC: 12:59 (0:00:35 remaining)
3715NSE Timing: About 82.13% done; ETC: 13:00 (0:00:30 remaining)
3716NSE Timing: About 83.22% done; ETC: 13:00 (0:00:34 remaining)
3717NSE Timing: About 83.62% done; ETC: 13:01 (0:00:40 remaining)
3718NSE Timing: About 83.73% done; ETC: 13:02 (0:00:48 remaining)
3719NSE Timing: About 83.89% done; ETC: 13:03 (0:00:57 remaining)
3720NSE Timing: About 84.67% done; ETC: 13:04 (0:01:05 remaining)
3721NSE Timing: About 86.05% done; ETC: 13:05 (0:01:09 remaining)
3722NSE Timing: About 87.38% done; ETC: 13:06 (0:01:12 remaining)
3723NSE Timing: About 88.41% done; ETC: 13:08 (0:01:14 remaining)
3724NSE: [http-wordpress-enum 176.117.96.21:443] got no answers from pipelined queries
3725NSE Timing: About 90.07% done; ETC: 13:09 (0:01:11 remaining)
3726NSE Timing: About 91.39% done; ETC: 13:10 (0:01:07 remaining)
3727NSE Timing: About 93.38% done; ETC: 13:11 (0:00:56 remaining)
3728NSE Timing: About 95.03% done; ETC: 13:12 (0:00:44 remaining)
3729NSE Timing: About 95.70% done; ETC: 13:12 (0:00:40 remaining)
3730Completed NSE at 13:17, 1237.85s elapsed
3731Initiating NSE at 13:17
3732Completed NSE at 13:18, 8.32s elapsed
3733Nmap scan report for 176.117.96.21
3734Host is up (0.22s latency).
3735
3736PORT STATE SERVICE VERSION
3737443/tcp open ssl/https?
3738|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
3739| http-brute:
3740|_ Path "/" does not require authentication
3741|_http-chrono: Request times for /; avg: 22333.04ms; min: 22306.91ms; max: 22364.44ms
3742|_http-csrf: Couldn't find any CSRF vulnerabilities.
3743|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasin
3744######################################################################################################################################
3745Arachni - Web Application Security Scanner Framework v1.5.1
3746 Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
3747
3748 (With the support of the community and the Arachni Team.)
3749
3750 Website: http://arachni-scanner.com
3751 Documentation: http://arachni-scanner.com/wiki
3752
3753
3754[+] In server with action http://176.117.96.21/
3755[+] Interesting responses: Found an interesting response -- Code: 401.
3756[+] In server with action http://176.117.96.21/%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E
3757[+] Interesting responses: Found an interesting response -- Code: 400.
3758[+] In server with action http://176.117.96.21/%3E%22'%3E%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E
3759[+] Interesting responses: Found an interesting response -- Code: 400.
3760[+] In server with action http://176.117.96.21/SitePages/default.aspx~/
3761[+] Interesting responses: Found an interesting response -- Code: 500.
3762[+] In server with action http://176.117.96.21/SitePages/./
3763[+] Interesting responses: Found an interesting response -- Code: 302.
3764[+] In server with action http://176.117.96.21/SitePages/perl-reverse-shell.pl
3765[+] Interesting responses: Found an interesting response -- Code: 415.
3766[+] In server with action http://176.117.96.21/SitePages/_private/
3767[+] Interesting responses: Found an interesting response -- Code: 403.
3768[+] In server with action http://176.117.96.21/SitePages/default.aspx
3769[+] Interesting responses: Found an interesting response -- Code: 500.
3770[+] In server with action http://176.117.96.21/SitePages/?%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E=
3771[+] Interesting responses: Found an interesting response -- Code: 302.
3772[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3773[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3774[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3775[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3776[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3777[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3778[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3779[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3780[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3781[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3782[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3783[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3784[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3785[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3786[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3787[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3788[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3789[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3790[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3791[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3792[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3793[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3794[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3795[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3796[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3797[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3798[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3799[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3800[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3801[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3802[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3803[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3804[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3805[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3806[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3807[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3808[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3809[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3810[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3811[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3812[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3813[-] Blind SQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3814[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3815[-] Blind NoSQL Injection (differential analysis): Server returned status (500), aborting analysis for form variable '__VIEWSTATE' with action 'http://176.117.96.21/SitePages/default.aspx'.
3816================================================================================
3817
3818
3819[+] Web Application Security Report - Arachni Framework
3820
3821[~] Report generated on: 2019-11-13 11:49:41 -0500
3822[~] Report false positives at: http://github.com/Arachni/arachni/issues
3823
3824[+] System settings:
3825[~] ---------------
3826[~] Version: 1.5.1
3827[~] Seed: 0f8b3a591dbd5a65fe5cc33b08d41add
3828[~] Audit started on: 2019-11-13 11:49:11 -0500
3829[~] Audit finished on: 2019-11-13 11:49:41 -0500
3830[~] Runtime: 00:00:29
3831
3832[~] URL: http://176.117.96.21/
3833[~] User agent: Arachni/v1.5.1
3834
3835[*] Audited elements:
3836[~] * Links
3837[~] * Forms
3838[~] * Cookies
3839[~] * XMLs
3840[~] * JSONs
3841[~] * UI inputs
3842[~] * UI forms
3843
3844[*] Checks: backup_directories, backup_files, insecure_cross_domain_policy_access, localstart_asp, directory_listing, http_put, origin_spoof_access_restriction_bypass, backdoors, common_directories, common_files, allowed_methods, htaccess_limit, interesting_responses, xst, webdav, insecure_cross_domain_policy_headers, hsts, http_only_cookies, captcha, form_upload, cookie_set_for_parent_domain, insecure_cors_policy, insecure_cookies, x_frame_options, password_autocomplete, unencrypted_password_forms, private_ip, mixed_resource, html_objects, cvs_svn_users, emails, ssn, credit_card, common_admin_interfaces, insecure_client_access_policy, file_inclusion, xss_dom_script_context, code_injection_php_input_wrapper, response_splitting, xss_tag, sql_injection_timing, path_traversal, unvalidated_redirect, no_sql_injection_differential, xss, xss_dom, os_cmd_injection, csrf, unvalidated_redirect_dom, rfi, xss_script_context, ldap_injection, xxe, xss_event, xpath_injection, os_cmd_injection_timing, code_injection_timing, xss_path, no_sql_injection, sql_injection_differential, code_injection, source_code_disclosure, trainer, sql_injection, session_fixation
3845
3846[~] ===========================
3847
3848[+] 9 issues were detected.
3849
3850[+] [1] Interesting response (Trusted)
3851[~] ~~~~~~~~~~~~~~~~~~~~
3852[~] Digest: 74684246
3853[~] Severity: Informational
3854[~] Description:
3855[~]
3856The server responded with a non 200 (OK) nor 404 (Not Found) status code.
3857This is a non-issue, however exotic HTTP response status codes can provide useful
3858insights into the behavior of the web application and assist with the penetration test.
3859
3860[~] Tags: interesting, response, server
3861[~] References:
3862[~] w3.org - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
3863
3864[~] URL: http://176.117.96.21/SitePages/?%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E=
3865[~] Element: server
3866
3867[~] Proof: "HTTP/1.1 302 Redirect"
3868
3869[~] Referring page: http://176.117.96.21/
3870
3871[~] Affected page: http://176.117.96.21/SitePages/?%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E=
3872[~] HTTP request
3873GET /SitePages/?%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add%2F%3E= HTTP/1.1
3874Host: 176.117.96.21
3875Accept-Encoding: gzip, deflate
3876User-Agent: Arachni/v1.5.1
3877Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
3878Accept-Language: en-US,en;q=0.8,he;q=0.6
3879X-Arachni-Scan-Seed: 0f8b3a591dbd5a65fe5cc33b08d41add
3880
3881
3882
3883[+] [2] Interesting response (Trusted)
3884[~] ~~~~~~~~~~~~~~~~~~~~
3885[~] Digest: 2563793056
3886[~] Severity: Informational
3887[~] Description:
3888[~]
3889The server responded with a non 200 (OK) nor 404 (Not Found) status code.
3890This is a non-issue, however exotic HTTP response status codes can provide useful
3891insights into the behavior of the web application and assist with the penetration test.
3892
3893[~] Tags: interesting, response, server
3894[~] References:
3895[~] w3.org - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
3896
3897[~] URL: http://176.117.96.21/SitePages/default.aspx
3898[~] Element: server
3899
3900[~] Proof: "HTTP/1.1 500 Internal Server Error"
3901
3902[~] Referring page: http://176.117.96.21/
3903
3904[~] Affected page: http://176.117.96.21/SitePages/default.aspx
3905[~] HTTP request
3906POST /SitePages/default.aspx HTTP/1.1
3907Host: 176.117.96.21
3908Accept-Encoding: gzip, deflate
3909User-Agent: Arachni/v1.5.1
3910Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
3911Accept-Language: en-US,en;q=0.8,he;q=0.6
3912X-Arachni-Scan-Seed: 0f8b3a591dbd5a65fe5cc33b08d41add
3913Content-Length: 168
3914Content-Type: application/x-www-form-urlencoded
3915
3916__VIEWSTATE=%2FwEPDwUBMGRkUB8ktQMHOpFiPbNcercEBalMpdpLZtvxezGtlbKrjLc%3D%20arachni_xss_in_tag%3D0f8b3a591dbd5a65fe5cc33b08d41add%20blah%3D&__VIEWSTATEGENERATOR=17E22E0C
3917
3918[+] [3] Interesting response (Trusted)
3919[~] ~~~~~~~~~~~~~~~~~~~~
3920[~] Digest: 344987147
3921[~] Severity: Informational
3922[~] Description:
3923[~]
3924The server responded with a non 200 (OK) nor 404 (Not Found) status code.
3925This is a non-issue, however exotic HTTP response status codes can provide useful
3926insights into the behavior of the web application and assist with the penetration test.
3927
3928[~] Tags: interesting, response, server
3929[~] References:
3930[~] w3.org - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
3931
3932[~] URL: http://176.117.96.21/SitePages/_private/
3933[~] Element: server
3934
3935[~] Proof: "HTTP/1.1 403 FORBIDDEN"
3936
3937[~] Referring page: http://176.117.96.21/
3938
3939[~] Affected page: http://176.117.96.21/SitePages/_private/
3940[~] HTTP request
3941GET /SitePages/_private/ HTTP/1.1
3942Host: 176.117.96.21
3943Accept-Encoding: gzip, deflate
3944User-Agent: Arachni/v1.5.1
3945Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
3946Accept-Language: en-US,en;q=0.8,he;q=0.6
3947X-Arachni-Scan-Seed: 0f8b3a591dbd5a65fe5cc33b08d41add
3948
3949
3950
3951[+] [4] Interesting response (Trusted)
3952[~] ~~~~~~~~~~~~~~~~~~~~
3953[~] Digest: 1882380662
3954[~] Severity: Informational
3955[~] Description:
3956[~]
3957The server responded with a non 200 (OK) nor 404 (Not Found) status code.
3958This is a non-issue, however exotic HTTP response status codes can provide useful
3959insights into the behavior of the web application and assist with the penetration test.
3960
3961[~] Tags: interesting, response, server
3962[~] References:
3963[~] w3.org - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
3964
3965[~] URL: http://176.117.96.21/SitePages/perl-reverse-shell.pl
3966[~] Element: server
3967
3968[~] Proof: "HTTP/1.1 415 UNSUPPORTED MEDIA TYPE"
3969
3970[~] Referring page: http://176.117.96.21/
3971
3972[~] Affected page: http://176.117.96.21/SitePages/perl-reverse-shell.pl
3973[~] HTTP request
3974GET /SitePages/perl-reverse-shell.pl HTTP/1.1
3975Host: 176.117.96.21
3976Accept-Encoding: gzip, deflate
3977User-Agent: Arachni/v1.5.1
3978Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
3979Accept-Language: en-US,en;q=0.8,he;q=0.6
3980X-Arachni-Scan-Seed: 0f8b3a591dbd5a65fe5cc33b08d41add
3981
3982
3983
3984[+] [5] Interesting response (Trusted)
3985[~] ~~~~~~~~~~~~~~~~~~~~
3986[~] Digest: 1669717708
3987[~] Severity: Informational
3988[~] Description:
3989[~]
3990The server responded with a non 200 (OK) nor 404 (Not Found) status code.
3991This is a non-issue, however exotic HTTP response status codes can provide useful
3992insights into the behavior of the web application and assist with the penetration test.
3993
3994[~] Tags: interesting, response, server
3995[~] References:
3996[~] w3.org - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
3997
3998[~] URL: http://176.117.96.21/SitePages/./
3999[~] Element: server
4000
4001[~] Proof: "HTTP/1.1 302 Redirect"
4002
4003[~] Referring page: http://176.117.96.21/
4004
4005[~] Affected page: http://176.117.96.21/SitePages/./
4006[~] HTTP request
4007GET /SitePages/ HTTP/1.1
4008Host: 176.117.96.21
4009Accept-Encoding: gzip, deflate
4010User-Agent: Arachni/v1.5.1
4011Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
4012Accept-Language: en-US,en;q=0.8,he;q=0.6
4013X-Arachni-Scan-Seed: 0f8b3a591dbd5a65fe5cc33b08d41add
4014
4015
4016
4017[+] [6] Interesting response (Trusted)
4018[~] ~~~~~~~~~~~~~~~~~~~~
4019[~] Digest: 3650493340
4020[~] Severity: Informational
4021[~] Description:
4022[~]
4023The server responded with a non 200 (OK) nor 404 (Not Found) status code.
4024This is a non-issue, however exotic HTTP response status codes can provide useful
4025insights into the behavior of the web application and assist with the penetration test.
4026
4027[~] Tags: interesting, response, server
4028[~] References:
4029[~] w3.org - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
4030
4031[~] URL: http://176.117.96.21/SitePages/default.aspx~/
4032[~] Element: server
4033
4034[~] Proof: "HTTP/1.1 500 INTERNAL SERVER ERROR"
4035
4036[~] Referring page: http://176.117.96.21/
4037
4038[~] Affected page: http://176.117.96.21/SitePages/default.aspx~/
4039[~] HTTP request
4040GET /SitePages/default.aspx~/ HTTP/1.1
4041Host: 176.117.96.21
4042Accept-Encoding: gzip, deflate
4043User-Agent: Arachni/v1.5.1
4044Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
4045Accept-Language: en-US,en;q=0.8,he;q=0.6
4046X-Arachni-Scan-Seed: 0f8b3a591dbd5a65fe5cc33b08d41add
4047
4048
4049
4050[+] [7] Interesting response (Trusted)
4051[~] ~~~~~~~~~~~~~~~~~~~~
4052[~] Digest: 3882729185
4053[~] Severity: Informational
4054[~] Description:
4055[~]
4056The server responded with a non 200 (OK) nor 404 (Not Found) status code.
4057This is a non-issue, however exotic HTTP response status codes can provide useful
4058insights into the behavior of the web application and assist with the penetration test.
4059
4060[~] Tags: interesting, response, server
4061[~] References:
4062[~] w3.org - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
4063
4064[~] URL: http://176.117.96.21/%3E%22'%3E%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E
4065[~] Element: server
4066
4067[~] Proof: "HTTP/1.1 400 Bad Request"
4068
4069[~] Referring page: http://176.117.96.21/
4070
4071[~] Affected page: http://176.117.96.21/%3E%22'%3E%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E
4072[~] HTTP request
4073GET /%3E%22'%3E%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E HTTP/1.1
4074Host: 176.117.96.21
4075Accept-Encoding: gzip, deflate
4076User-Agent: Arachni/v1.5.1
4077Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
4078Accept-Language: en-US,en;q=0.8,he;q=0.6
4079X-Arachni-Scan-Seed: 0f8b3a591dbd5a65fe5cc33b08d41add
4080
4081
4082
4083[+] [8] Interesting response (Trusted)
4084[~] ~~~~~~~~~~~~~~~~~~~~
4085[~] Digest: 915609211
4086[~] Severity: Informational
4087[~] Description:
4088[~]
4089The server responded with a non 200 (OK) nor 404 (Not Found) status code.
4090This is a non-issue, however exotic HTTP response status codes can provide useful
4091insights into the behavior of the web application and assist with the penetration test.
4092
4093[~] Tags: interesting, response, server
4094[~] References:
4095[~] w3.org - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
4096
4097[~] URL: http://176.117.96.21/%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E
4098[~] Element: server
4099
4100[~] Proof: "HTTP/1.1 400 Bad Request"
4101
4102[~] Referring page: http://176.117.96.21/
4103
4104[~] Affected page: http://176.117.96.21/%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E
4105[~] HTTP request
4106GET /%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E HTTP/1.1
4107Host: 176.117.96.21
4108Accept-Encoding: gzip, deflate
4109User-Agent: Arachni/v1.5.1
4110Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
4111Accept-Language: en-US,en;q=0.8,he;q=0.6
4112X-Arachni-Scan-Seed: 0f8b3a591dbd5a65fe5cc33b08d41add
4113
4114
4115
4116[+] [9] Interesting response (Trusted)
4117[~] ~~~~~~~~~~~~~~~~~~~~
4118[~] Digest: 2711485818
4119[~] Severity: Informational
4120[~] Description:
4121[~]
4122The server responded with a non 200 (OK) nor 404 (Not Found) status code.
4123This is a non-issue, however exotic HTTP response status codes can provide useful
4124insights into the behavior of the web application and assist with the penetration test.
4125
4126[~] Tags: interesting, response, server
4127[~] References:
4128[~] w3.org - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
4129
4130[~] URL: http://176.117.96.21/
4131[~] Element: server
4132
4133[~] Proof: "HTTP/1.1 401 Unauthorized"
4134
4135[~] Referring page: http://176.117.96.21/
4136
4137[~] Affected page: http://176.117.96.21/
4138[~] HTTP request
4139OPTIONS / HTTP/1.1
4140Host: 176.117.96.21
4141Accept-Encoding: gzip, deflate
4142User-Agent: Arachni/v1.5.1
4143Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
4144Accept-Language: en-US,en;q=0.8,he;q=0.6
4145X-Arachni-Scan-Seed: 0f8b3a591dbd5a65fe5cc33b08d41add
4146
4147
4148
4149
4150[+] Plugin data:
4151[~] ---------------
4152
4153
4154[*] Health map
4155[~] ~~~~~~~~~~~~~~
4156[~] Description: Generates a simple list of safe/unsafe URLs.
4157
4158[~] Legend:
4159[+] No issues
4160[-] Has issues
4161
4162[-] http://176.117.96.21/
4163[-] http://176.117.96.21/%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E
4164[-] http://176.117.96.21/%3E%22'%3E%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E
4165[-] http://176.117.96.21/SitePages/./
4166[-] http://176.117.96.21/SitePages/?%3Cmy_tag_0f8b3a591dbd5a65fe5cc33b08d41add/%3E=
4167[-] http://176.117.96.21/SitePages/_private/
4168[-] http://176.117.96.21/SitePages/default.aspx
4169[-] http://176.117.96.21/SitePages/default.aspx~/
4170[-] http://176.117.96.21/SitePages/perl-reverse-shell.pl
4171[+] http://176.117.96.21/wEPDwUBMGRkUB8ktQMHOpFiPbNcercEBalMpdpLZtvxezGtlbKrjLc
4172
4173[~] Total: 10
4174[+] Without issues: 1
4175[-] With issues: 9 ( 90% )
4176
4177[~] Report saved at: /usr/share/sniper/loot/web/http-176.117.96.21/176.117.96.21 2019-11-13 11_49_41 -0500.afr [0.01MB]
4178
4179[~] Audited 3 page snapshots.
4180
4181[~] Duration: 00:00:29
4182[~] Processed 1675/1675 HTTP requests.
4183[~] -- 57.247 requests/second.
4184[~] Processed 0/0 browser jobs.
4185[~] -- 0 second/job.
4186
4187[~] Currently auditing http://176.117.96.21/wEPDwUBMGRkUB8ktQMHOpFiPbNcercEBalMpdpLZtvxezGtlbKrjLc
4188[~] Burst response time sum 3.806 seconds
4189[~] Burst response count 13
4190[~] Burst average response time 0.293 seconds
4191[~] Burst average 21.126 requests/second
4192[~] Timed-out requests 0
4193[~] Original max concurrency 20
4194[~] Throttled max concurrency 20
4195
4196Arachni - Web Application Security Scanner Framework v1.5.1
4197 Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
4198
4199 (With the support of the community and the Arachni Team.)
4200
4201 Website: http://arachni-scanner.com
4202 Documentation: http://arachni-scanner.com/wiki
4203
4204
4205[-] Retrying for: https://176.117.96.21/ [SSL connect error]
4206[-] Retrying for: https://176.117.96.21/ [SSL connect error]
4207[-] Retrying for: https://176.117.96.21/ [SSL connect error]
4208[-] Retrying for: https://176.117.96.21/ [SSL connect error]
4209================================================================================
4210
4211
4212[+] Web Application Security Report - Arachni Framework
4213
4214[~] Report generated on: 2019-11-13 11:49:46 -0500
4215[~] Report false positives at: http://github.com/Arachni/arachni/issues
4216
4217[+] System settings:
4218[~] ---------------
4219[~] Version: 1.5.1
4220[~] Seed: 4c6434ef9e404e30b28061be03b1208e
4221[~] Audit started on: 2019-11-13 11:49:41 -0500
4222[~] Audit finished on: 2019-11-13 11:49:46 -0500
4223[~] Runtime: 00:00:04
4224
4225[~] URL: https://176.117.96.21/
4226[~] User agent: Arachni/v1.5.1
4227
4228[*] Audited elements:
4229[~] * Links
4230[~] * Forms
4231[~] * Cookies
4232[~] * XMLs
4233[~] * JSONs
4234[~] * UI inputs
4235[~] * UI forms
4236
4237[*] Checks: backup_directories, backup_files, insecure_cross_domain_policy_access, localstart_asp, directory_listing, http_put, origin_spoof_access_restriction_bypass, backdoors, common_directories, common_files, allowed_methods, htaccess_limit, interesting_responses, xst, webdav, insecure_cross_domain_policy_headers, hsts, http_only_cookies, captcha, form_upload, cookie_set_for_parent_domain, insecure_cors_policy, insecure_cookies, x_frame_options, password_autocomplete, unencrypted_password_forms, private_ip, mixed_resource, html_objects, cvs_svn_users, emails, ssn, credit_card, common_admin_interfaces, insecure_client_access_policy, file_inclusion, xss_dom_script_context, code_injection_php_input_wrapper, response_splitting, xss_tag, sql_injection_timing, path_traversal, unvalidated_redirect, no_sql_injection_differential, xss, xss_dom, os_cmd_injection, csrf, unvalidated_redirect_dom, rfi, xss_script_context, ldap_injection, xxe, xss_event, xpath_injection, os_cmd_injection_timing, code_injection_timing, xss_path, no_sql_injection, sql_injection_differential, code_injection, source_code_disclosure, trainer, sql_injection, session_fixation
4238
4239[~] ===========================
4240
4241[+] 0 issues were detected.
4242
4243
4244[~] Report saved at: /usr/share/sniper/loot/web/https-176.117.96.21/176.117.96.21 2019-11-13 11_49_46 -0500.afr [0.0MB]
4245[~] The scan has logged errors: /usr/share/arachni/logs/error-434658.log
4246
4247[~] Audited 0 page snapshots.
4248
4249[~] Duration: 00:00:04
4250[~] Processed 12/12 HTTP requests.
4251[~] -- 2.654 requests/second.
4252[~] Processed 0/0 browser jobs.
4253[~] -- 0 second/job.
4254
4255[~] Burst response time sum 1.339 seconds
4256[~] Burst response count 2
4257[~] Burst average response time 0.67 seconds
4258[~] Burst average 2.462 requests/second
4259[~] Timed-out requests 0
4260[~] Original max concurrency 20
4261[~] Throttled max concurrency 20
4262
4263Arachni - Web Application Security Scanner Framework v1.5.1
4264 Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
4265
4266 (With the support of the community and the Arachni Team.)
4267
4268 Website: http://arachni-scanner.com
4269 Documentation: http://arachni-scanner.com/wiki
4270
4271
4272
4273 [*] HTML: Creating HTML report...
4274/usr/share/arachni/vendor/bundle/ruby/2.5.0/gems/nokogiri-1.6.8.1/lib/nokogiri/html/document.rb:164: warning: constant ::Fixnum is deprecated
4275 [*] HTML: Saved in '/usr/share/sniper/loot//web/http-176.117.96.21/arachni.zip'.
4276Arachni - Web Application Security Scanner Framework v1.5.1
4277 Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
4278
4279 (With the support of the community and the Arachni Team.)
4280
4281 Website: http://arachni-scanner.com
4282 Documentation: http://arachni-scanner.com/wiki
4283
4284
4285
4286 [*] HTML: Creating HTML report...
4287 [*] HTML: Saved in '/usr/share/sniper/loot//web/https-176.117.96.21/arachni.zip'.
4288Archive: arachni.zip
4289 creating: js/
4290 creating: js/lib/
4291 inflating: js/lib/d3.min.js
4292 inflating: js/lib/bootstrap.min.js
4293 inflating: js/lib/jquery.min.js
4294 inflating: js/lib/c3.min.js
4295 inflating: js/init.js
4296 inflating: js/configuration.js
4297 inflating: js/charts.js
4298 inflating: js/helpers.js
4299 inflating: index.html
4300 creating: fonts/
4301 inflating: fonts/glyphicons-halflings-regular.eot
4302 inflating: fonts/FontAwesome.otf
4303 inflating: fonts/fontawesome-webfont.svg
4304 inflating: fonts/fontawesome-webfont.ttf
4305 inflating: fonts/fontawesome-webfont.eot
4306 inflating: fonts/fontawesome-webfont.woff
4307 inflating: fonts/glyphicons-halflings-regular.ttf
4308 inflating: fonts/glyphicons-halflings-regular.svg
4309 inflating: fonts/glyphicons-halflings-regular.woff
4310 creating: css/
4311 inflating: css/main.css
4312 creating: css/lib/
4313 inflating: css/lib/bootstrap-theme.min.css
4314 inflating: css/lib/c3.css
4315 inflating: css/lib/bootstrap.min.css
4316 inflating: css/lib/font-awesome.min.css
4317Archive: arachni.zip
4318 creating: js/
4319 creating: js/lib/
4320 inflating: js/lib/d3.min.js
4321 inflating: js/lib/bootstrap.min.js
4322 inflating: js/lib/jquery.min.js
4323 inflating: js/lib/c3.min.js
4324 inflating: js/init.js
4325 inflating: js/configuration.js
4326 inflating: js/charts.js
4327 inflating: js/helpers.js
4328 inflating: index.html
4329 creating: fonts/
4330 inflating: fonts/glyphicons-halflings-regular.eot
4331 inflating: fonts/FontAwesome.otf
4332 inflating: fonts/fontawesome-webfont.svg
4333 inflating: fonts/fontawesome-webfont.ttf
4334 inflating: fonts/fontawesome-webfont.eot
4335 inflating: fonts/fontawesome-webfont.woff
4336 inflating: fonts/glyphicons-halflings-regular.ttf
4337 inflating: fonts/glyphicons-halflings-regular.svg
4338 inflating: fonts/glyphicons-halflings-regular.woff
4339 creating: css/
4340 inflating: css/main.css
4341 creating: css/lib/
4342 inflating: css/lib/bootstrap-theme.min.css
4343 inflating: css/lib/c3.css
4344 inflating: css/lib/bootstrap.min.css
4345 inflating: css/lib/font-awesome.min.css
4346#######################################################################################################################################
4347Hosts
4348=====
4349
4350address mac name os_name os_flavor os_sp purpose info comments
4351------- --- ---- ------- --------- ----- ------- ---- --------
4352176.117.96.21 Linux 2.6.X server
4353
4354Services
4355========
4356
4357host port proto name state info
4358---- ---- ----- ---- ----- ----
4359176.117.96.21 25 tcp smtp closed
4360176.117.96.21 53 udp domain unknown
4361176.117.96.21 67 udp dhcps unknown
4362176.117.96.21 68 udp dhcpc unknown
4363176.117.96.21 69 udp tftp unknown
4364176.117.96.21 80 tcp http open Microsoft IIS httpd 7.5
4365176.117.96.21 88 udp kerberos-sec unknown
4366176.117.96.21 123 udp ntp unknown
4367176.117.96.21 137 udp netbios-ns filtered
4368176.117.96.21 138 udp netbios-dgm filtered
4369176.117.96.21 139 tcp netbios-ssn closed
4370176.117.96.21 139 udp netbios-ssn unknown
4371176.117.96.21 161 udp snmp unknown
4372176.117.96.21 162 udp snmptrap unknown
4373176.117.96.21 389 udp ldap unknown
4374176.117.96.21 443 tcp ssl/https open
4375176.117.96.21 445 tcp microsoft-ds closed
4376176.117.96.21 500 udp isakmp unknown
4377176.117.96.21 520 udp route unknown
4378176.117.96.21 2049 udp nfs unknown
4379#######################################################################################################################################
4380
4381% This is the RIPE Database query service.
4382% The objects are in RPSL format.
4383%
4384% The RIPE Database is subject to Terms and Conditions.
4385% See http://www.ripe.net/db/support/db-terms-conditions.pdf
4386
4387% Note: this output has been filtered.
4388% To receive output for a database update, use the "-B" flag.
4389
4390% Information related to '176.117.96.0 - 176.117.103.255'
4391
4392% Abuse contact for '176.117.96.0 - 176.117.103.255' is 'erdal@mkutup.gov.tr'
4393
4394inetnum: 176.117.96.0 - 176.117.103.255
4395netname: MKUTUP-IPV4-NET
4396descr: IPv4 Address Block - 01
4397country: TR
4398org: ORG-NLoT2-RIPE
4399admin-c: NLOT2002-RIPE
4400tech-c: NLOT2003-RIPE
4401status: ASSIGNED PI
4402mnt-by: RIPE-NCC-END-MNT
4403mnt-by: MKUTUP-IPV4-MNT
4404mnt-routes: MKUTUP-ROUTE-MNT
4405mnt-domains: MKUTUP-DOMAIN-MNT
4406created: 2012-05-15T11:36:06Z
4407last-modified: 2016-04-14T10:23:57Z
4408source: RIPE
4409
4410organisation: ORG-NLoT2-RIPE
4411org-name: National Library of Turkey
4412org-type: LIR
4413address: Milli Kutuphane Baskanligi, Bahcelievler Son Durak
4414address: 06490
4415address: Ankara
4416address: TURKEY
4417phone: +903122126200
4418fax-no: +903122230451
4419abuse-c: AR17366-RIPE
4420mnt-ref: MKUTUP-AS-MNT
4421mnt-ref: RIPE-NCC-HM-MNT
4422mnt-by: RIPE-NCC-HM-MNT
4423created: 2012-05-07T09:00:58Z
4424last-modified: 2016-10-06T15:36:26Z
4425source: RIPE # Filtered
4426
4427role: National Library of Turkey - RIPE IPv4 Administrator Role
4428address: Milli Kutuphane Baskanligi, Bahcelievler Son Durak, ANKARA, TURKEY
4429admin-c: EP5605-RIPE
4430tech-c: EP5605-RIPE
4431nic-hdl: NLOT2002-RIPE
4432mnt-by: MKUTUP-MNT
4433created: 2012-05-09T02:54:23Z
4434last-modified: 2012-05-09T02:54:23Z
4435source: RIPE # Filtered
4436
4437role: National Library of Turkey - RIPE IPv4 Technical Role
4438address: Milli Kutuphane Baskanligi, Bahcelievler Son Durak, ANKARA, TURKEY
4439admin-c: EP5605-RIPE
4440tech-c: EP5605-RIPE
4441nic-hdl: NLOT2003-RIPE
4442mnt-by: MKUTUP-MNT
4443created: 2012-05-09T02:51:20Z
4444last-modified: 2012-05-09T02:51:20Z
4445source: RIPE # Filtered
4446
4447% Information related to '176.117.96.0/21AS58151'
4448
4449route: 176.117.96.0/21
4450descr: National Library of Turkey
4451descr: IPv4 Route Object
4452origin: AS58151
4453mnt-by: MKUTUP-ROUTE-MNT
4454created: 2012-05-15T17:50:03Z
4455last-modified: 2012-06-22T02:58:40Z
4456source: RIPE
4457
4458% This query was served by the RIPE Database Query Service version 1.95.1 (ANGUS)
4459#######################################################################################################################################
4460Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-13 12:40 EST
4461Nmap scan report for 176.117.96.21
4462Host is up (0.19s latency).
4463Not shown: 995 filtered ports, 3 closed ports
4464Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
4465PORT STATE SERVICE
446680/tcp open http
4467443/tcp open https
4468#######################################################################################################################################
4469HTTP/1.1 302 Redirect
4470Content-Length: 166
4471Content-Type: text/html; charset=UTF-8
4472Location: http://176.117.96.21/SitePages/default.aspx
4473Server: Microsoft-IIS/7.5
4474X-SharePointHealthScore: 0
4475SPRequestGuid: 7b80179f-0e02-e08e-bb98-e329d008dfe5
4476request-id: 7b80179f-0e02-e08e-bb98-e329d008dfe5
4477X-FRAME-OPTIONS: SAMEORIGIN
4478SPRequestDuration: 5
4479SPIisLatency: 0
4480X-Powered-By: ASP.NET
4481MicrosoftSharePointTeamServices: 15.0.0.4420
4482X-Content-Type-Options: nosniff
4483X-MS-InvokeApp: 1; RequireReadOnly
4484Date: Wed, 13 Nov 2019 17:41:11 GMT
4485#######################################################################################################################################
4486http://176.117.96.21 [302 Found] Country[TURKEY][TR], HTTPServer[Microsoft-IIS/7.5], IP[176.117.96.21], Microsoft-IIS[7.5], Microsoft-Sharepoint[15.0.0.4420], RedirectLocation[http://176.117.96.21/SitePages/default.aspx], Title[Document Moved], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN], X-Powered-By[ASP.NET]
4487http://176.117.96.21/SitePages/default.aspx [200 OK] ASP_NET[4.0.30319], Country[TURKEY][TR], HTTPServer[Microsoft-IIS/7.5], IP[176.117.96.21], Microsoft-IIS[7.5], Microsoft-Sharepoint[15.0.0.4420], Script[text/javascript], Title[Untitled 1][Title element contains newline(s)!], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN], X-Powered-By[ASP.NET], X-UA-Compatible[IE=10]
4488#######################################################################################################################################
4489
4490wig - WebApp Information Gatherer
4491
4492
4493Scanning http://176.117.96.21...
4494_____________________________________ SITE INFO _____________________________________
4495IP Title
4496176.117.96.21 Untitled 1
4497
4498______________________________________ VERSION ______________________________________
4499Name Versions Type
4500SharePoint 15.0.0.4420 CMS
4501ASP.NET 4.0.30319 Platform
4502IIS 7.5 Platform
4503Microsoft Windows Server 2008 R2 OS
4504
4505____________________________________ INTERESTING ____________________________________
4506URL Note Type
4507/_layouts/create.aspx Sharepoint Create Page Interesting
4508
4509_______________________________________ TOOLS _______________________________________
4510Name Link Software
4511sparty https://github.com/alias1/sparty SharePoint
4512spscan https://github.com/toddsiegel/spscan SharePoint
4513Sharepoint URL Brute http://www.bishopfox.com/download/414/ SharePoint
4514
4515_____________________________________________________________________________________
4516Time: 1.3 sec Urls: 158 Fingerprints: 40401
4517#######################################################################################################################################
4518http://176.117.96.21/favicon.ico
4519http://176.117.96.21/robots.txt
4520http://176.117.96.21/SiteAssets/images/MKutup-FB.jpg
4521http://176.117.96.21:80/tr
4522http://176.117.96.21:80/tr/_vti_bin/spdisco.aspx
4523http://176.117.96.21:80/tr/sayfalar
4524http://176.117.96.21:80/tr/Sayfalar/Bize-Yazin.aspx
4525http://176.117.96.21:80/tr/Sayfalar/default.aspx
4526http://176.117.96.21:80/tr/Sayfalar/Duyuru-Detay.aspx?did=1
4527http://176.117.96.21:80/tr/Sayfalar/Duyuru-Detay.aspx?did=2
4528http://176.117.96.21:80/tr/Sayfalar/duyurular.aspx
4529http://176.117.96.21:80/tr/Sayfalar/Etkinlik-Detay.aspx?eid=1
4530http://176.117.96.21:80/tr/Sayfalar/Etkinlik-Detay.aspx?eid=2
4531http://176.117.96.21:80/tr/Sayfalar/Etkinlik-Detay.aspx?eid=3
4532http://176.117.96.21:80/tr/Sayfalar/Etkinlik-Detay.aspx?eid=4
4533http://176.117.96.21:80/tr/Sayfalar/etkinlikler.aspx
4534http://176.117.96.21:80/tr/Sayfalar/Forms/AllItems.aspx?RootFolder=%2Ftr%2FSayfalar%2FHakkimizda&FolderCTID=0x01200042B95926C347AC4FAAFA5F1C1CFAEBC00091434DBF52E722429F8EB0B6C87B4637
4535http://176.117.96.21:80/tr/Sayfalar/haber-detay.aspx?hid=1
4536http://176.117.96.21:80/tr/Sayfalar/haber-detay.aspx?hid=3
4537http://176.117.96.21:80/tr/Sayfalar/Hakkimizda
4538http://176.117.96.21:80/tr/Sayfalar/Hakkimizda/Istatistikler.aspx
4539http://176.117.96.21:80/tr/Sayfalar/Hakkimizda/Kurulus-Amacimiz.aspx
4540http://176.117.96.21:80/tr/Sayfalar/Hakkimizda/tarihce-kronoloji.aspx
4541http://176.117.96.21:80/tr/Sayfalar/Hakkimizda/u002ftarihce-kronoloji.aspx
4542http://176.117.96.21:80/tr/Sayfalar/Hakkimizda/vizyon-misyon.aspx
4543http://176.117.96.21:80/tr/Sayfalar/Hizmetlerimiz
4544http://176.117.96.21:80/tr/Sayfalar/Hizmetlerimiz/Banko-Materyallerden-Yararlanma.aspx
4545http://176.117.96.21:80/tr/Sayfalar/Hizmetlerimiz/default.aspx
4546http://176.117.96.21:80/tr/Sayfalar/Hizmetlerimiz/Fotokopi-Hizmetleri.aspx
4547http://176.117.96.21:80/tr/Sayfalar/Hizmetlerimiz/Kitap-Ayirma-Formu.aspx
4548http://176.117.96.21:80/tr/Sayfalar/Hizmetlerimiz/Kitap-Ayrima-Sonuc.aspx
4549http://176.117.96.21:80/tr/Sayfalar/Hizmetlerimiz/Konferans-Salonlari.aspx
4550http://176.117.96.21:80/tr/Sayfalar/Hizmetlerimiz/okuma-calisma-salonlari.aspx
4551http://176.117.96.21:80/tr/Sayfalar/Hizmetlerimiz/u002fKitap-Ayirma-Formu.aspx
4552http://176.117.96.21:80/tr/Sayfalar/Hizmetlerimiz/u002fKonferans-Salonlari.aspx
4553http://176.117.96.21:80/tr/Sayfalar/Koleksiyonumuz/Dijital-Kutuphane.aspx
4554http://176.117.96.21:80/tr/Sayfalar/Koleksiyonumuz/Koleksiyon-Olusturma.aspx
4555http://176.117.96.21:80/tr/Sayfalar/Koleksiyonumuz/Tas-Plaklar.aspx
4556http://176.117.96.21:80/tr/Sayfalar/Koleksiyonumuz/Tum-Koleksiyon.aspx
4557http://176.117.96.21:80/tr/Sayfalar/Kutuphane-Kullanimi/Kullanim-Sartlari.aspx
4558http://176.117.96.21:80/tr/Sayfalar/Kutuphane-Kullanimi/Kutuphane-Saatleri.aspx
4559http://176.117.96.21:80/tr/Sayfalar/Kutuphane-Kullanimi/Kutuphanemizi-Taniyalim.aspx
4560http://176.117.96.21:80/tr/Sayfalar/Kutuphane-Kullanimi/SSS/default.aspx
4561http://176.117.96.21:80/tr/Sayfalar/Kutuphane-Kullanimi/uyelik.aspx
4562http://176.117.96.21:80/tr/Sayfalar/RSS/Duyurular.aspx
4563http://176.117.96.21:80/tr/Sayfalar/RSS/Etkinlikler.aspx
4564http://176.117.96.21:80/tr/Sayfalar/u002fdefault.aspx
4565#######################################################################################################################################
4566__________________________________________________________________________________________________
4567<form action="./default.aspx" id="form1" method="post">
4568<input id="__VIEWSTATE" name="__VIEWSTATE" type="hidden" value="/wEPDwUBMGRkUB8ktQMHOpFiPbNcercEBalMpdpLZtvxezGtlbKrjLc="/>
4569<input id="__VIEWSTATEGENERATOR" name="__VIEWSTATEGENERATOR" type="hidden" value="17E22E0C"/>
4570</form>
4571__________________________________________________________________________________________________
4572
4573__________________________________________________________________________________________________
4574
4575
4576 _.._
4577 .' '.
4578 / __ \
4579 , | >< | ,
4580 . \ \ / / .
4581 \_'--`( )'--'_/
4582 .--'/()'--.
4583 1N3 / /` '' `\ \
4584 | |
4585 \ /
4586
4587
4588 + -- --=[https://crowdshield.com
4589 + -- --=[blackwidow v1.0
4590
4591[+] URL's Discovered:
4592/usr/share/blackwidow/176.117.96.21_80/176.117.96.21_80-urls-sorted.txt
4593__________________________________________________________________________________________________
4594
4595[+] Dynamic URL's Discovered:
4596/usr/share/blackwidow/176.117.96.21_80/176.117.96.21_80-dynamic-sorted.txt
4597__________________________________________________________________________________________________
4598
4599[+] Form URL's Discovered:
4600/usr/share/blackwidow/176.117.96.21_80/176.117.96.21_80-forms-sorted.txt
4601__________________________________________________________________________________________________
4602
4603[+] Unique Dynamic Parameters Discovered:
4604/usr/share/blackwidow/176.117.96.21_80/176.117.96.21_80-dynamic-unique.txt
4605__________________________________________________________________________________________________
4606
4607[+] Sub-domains Discovered:
4608/usr/share/blackwidow/176.117.96.21_80/176.117.96.21_80-subdomains-sorted.txt
4609__________________________________________________________________________________________________
4610
4611[+] Emails Discovered:
4612/usr/share/blackwidow/176.117.96.21_80/176.117.96.21_80-emails-sorted.txt
4613__________________________________________________________________________________________________
4614
4615[+] Phones Discovered:
4616/usr/share/blackwidow/176.117.96.21_80/176.117.96.21_80-phones-sorted.txt
4617__________________________________________________________________________________________________
4618
4619[+] Loot Saved To:
4620/usr/share/blackwidow/176.117.96.21_80/
4621__________________________________________________________________________________________________
4622
4623 HACK THE PLANET!!!!!
4624**************************************************************************************************
4625If you haven't already, please donate to this project using the addresses below.
4626This will help fascilitate improved features and ongoing support.
4627
4628[+] BTC 1Fav36btfmdrYpCAR65XjKHhxuJJwFyKum
4629[+] ETH 0x20bB09273702eaBDFbEE9809473Fd04b969a794d
4630[+] LTC LQ6mPewec3xeLBYMdRP4yzeta6b9urqs2f
4631[+] XMR 4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbS3EN24xprAQ1Z5Sy5s
4632[+] ZCASH t1fsizsk2cqqJAjRoUmXJSyoVa9utYucXt7
4633
46341N3@CrowdShield
4635https://crowdshield.com
4636#######################################################################################################################################
4637500 25B http://176.117.96.21:80/.git
4638500 25B http://176.117.96.21:80/.svn
4639500 25B http://176.117.96.21:80/.ssh
4640500 25B http://176.117.96.21:80/.env
4641500 25B http://176.117.96.21:80/.bashrc
4642500 25B http://176.117.96.21:80/.git/config
4643500 25B http://176.117.96.21:80/.travis.yml
4644500 25B http://176.117.96.21:80/.DS_Store
4645500 25B http://176.117.96.21:80/.gitignore
4646500 16KB http://176.117.96.21:80/package.json
4647500 16KB http://176.117.96.21:80/composer.json
4648500 25B http://176.117.96.21:80/.git
4649500 25B http://176.117.96.21:80/.svn
4650500 25B http://176.117.96.21:80/.ssh
4651500 25B http://176.117.96.21:80/.env
4652500 25B http://176.117.96.21:80/.bashrc
4653500 25B http://176.117.96.21:80/.git/config
4654500 25B http://176.117.96.21:80/.travis.yml
4655500 25B http://176.117.96.21:80/.DS_Store
4656500 25B http://176.117.96.21:80/.gitignore
4657500 16KB http://176.117.96.21:80/package.json
4658500 16KB http://176.117.96.21:80/composer.json
4659#######################################################################################################################################
4660https://176.117.96.21 [302 Found] Country[TURKEY][TR], HTTPServer[Microsoft-IIS/7.5], IP[176.117.96.21], Microsoft-IIS[7.5], Microsoft-Sharepoint[15.0.0.4420], RedirectLocation[https://176.117.96.21/SitePages/default.aspx], Title[Document Moved], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN], X-Powered-By[ASP.NET]
4661https://176.117.96.21/SitePages/default.aspx [200 OK] ASP_NET[4.0.30319], Country[TURKEY][TR], HTTPServer[Microsoft-IIS/7.5], IP[176.117.96.21], Microsoft-IIS[7.5], Microsoft-Sharepoint[15.0.0.4420], Script[text/javascript], Title[Untitled 1][Title element contains newline(s)!], UncommonHeaders[x-sharepointhealthscore,sprequestguid,request-id,sprequestduration,spiislatency,microsoftsharepointteamservices,x-content-type-options,x-ms-invokeapp], X-Frame-Options[SAMEORIGIN], X-Powered-By[ASP.NET], X-UA-Compatible[IE=10]
4662######################################################################################################################################
4663
4664
4665 _.._
4666 .' '.
4667 / __ \
4668 , | >< | ,
4669 . \ \ / / .
4670 \_'--`( )'--'_/
4671 .--'/()'--.
4672 1N3 / /` '' `\ \
4673 | |
4674 \ /
4675
4676
4677 + -- --=[https://crowdshield.com
4678 + -- --=[blackwidow v1.0
4679
4680HTTPSConnectionPool(host='176.117.96.21', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl_choose_client_version', 'unsupported protocol')],)",),))
4681local variable 'domain' referenced before assignment
4682
4683
4684 _.._
4685 .' '.
4686 / __ \
4687 , | >< | ,
4688 . \ \ / / .
4689 \_'--`( )'--'_/
4690 .--'/()'--.
4691 1N3 / /` '' `\ \
4692 | |
4693 \ /
4694
4695
4696 + -- --=[https://crowdshield.com
4697 + -- --=[blackwidow v1.0
4698
4699[+] URL's Discovered:
4700/usr/share/blackwidow/176.117.96.21_443/176.117.96.21_443-urls-sorted.txt
4701__________________________________________________________________________________________________
4702
4703[+] Dynamic URL's Discovered:
4704/usr/share/blackwidow/176.117.96.21_443/176.117.96.21_443-dynamic-sorted.txt
4705__________________________________________________________________________________________________
4706
4707[+] Form URL's Discovered:
4708/usr/share/blackwidow/176.117.96.21_443/176.117.96.21_443-forms-sorted.txt
4709__________________________________________________________________________________________________
4710
4711[+] Unique Dynamic Parameters Discovered:
4712/usr/share/blackwidow/176.117.96.21_443/176.117.96.21_443-dynamic-unique.txt
4713__________________________________________________________________________________________________
4714
4715[+] Sub-domains Discovered:
4716/usr/share/blackwidow/176.117.96.21_443/176.117.96.21_443-subdomains-sorted.txt
4717__________________________________________________________________________________________________
4718
4719[+] Emails Discovered:
4720/usr/share/blackwidow/176.117.96.21_443/176.117.96.21_443-emails-sorted.txt
4721__________________________________________________________________________________________________
4722
4723[+] Phones Discovered:
4724/usr/share/blackwidow/176.117.96.21_443/176.117.96.21_443-phones-sorted.txt
4725__________________________________________________________________________________________________
4726
4727[+] Loot Saved To:
4728/usr/share/blackwidow/176.117.96.21_443/
4729__________________________________________________________________________________________________
4730
4731 HACK THE PLANET!!!!!
4732**************************************************************************************************
4733If you haven't already, please donate to this project using the addresses below.
4734This will help fascilitate improved features and ongoing support.
4735
4736[+] BTC 1Fav36btfmdrYpCAR65XjKHhxuJJwFyKum
4737[+] ETH 0x20bB09273702eaBDFbEE9809473Fd04b969a794d
4738[+] LTC LQ6mPewec3xeLBYMdRP4yzeta6b9urqs2f
4739[+] XMR 4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbS3EN24xprAQ1Z5Sy5s
4740[+] ZCASH t1fsizsk2cqqJAjRoUmXJSyoVa9utYucXt7
4741
47421N3@CrowdShield
4743https://crowdshield.com
4744#######################################################################################################################################
4745500 16KB http://176.117.96.21:80/composer.json
4746500 16KB http://176.117.96.21:80/package.json
4747500 25B http://176.117.96.21:80/.bashrc
4748500 25B http://176.117.96.21:80/.DS_Store
4749500 25B http://176.117.96.21:80/.env
4750500 25B http://176.117.96.21:80/.git
4751500 25B http://176.117.96.21:80/.git/config
4752500 25B http://176.117.96.21:80/.gitignore
4753500 25B http://176.117.96.21:80/.ssh
4754500 25B http://176.117.96.21:80/.svn
4755500 25B http://176.117.96.21:80/.travis.yml
4756500 25B http://176.117.96.21:80/.git
4757500 25B http://176.117.96.21:80/.svn
4758500 25B http://176.117.96.21:80/.ssh
4759500 25B http://176.117.96.21:80/.env
4760500 25B http://176.117.96.21:80/.bashrc
4761500 25B http://176.117.96.21:80/.git/config
4762500 25B http://176.117.96.21:80/.travis.yml
4763500 25B http://176.117.96.21:80/.DS_Store
4764500 25B http://176.117.96.21:80/.gitignore
4765500 16KB http://176.117.96.21:80/package.json
4766500 16KB http://176.117.96.21:80/composer.json
4767#######################################################################################################################################
4768Version: 1.11.13-static
4769OpenSSL 1.0.2-chacha (1.0.2g-dev)
4770
4771Connected to 176.117.96.21
4772
4773Testing SSL server 176.117.96.21 on port 443 using SNI name 176.117.96.21
4774
4775 TLS Fallback SCSV:
4776Server only supports TLSv1.0
4777
4778 TLS renegotiation:
4779Secure session renegotiation supported
4780
4781 TLS Compression:
4782Compression disabled
4783
4784 Heartbleed:
4785TLS 1.2 not vulnerable to heartbleed
4786TLS 1.1 not vulnerable to heartbleed
4787TLS 1.0 not vulnerable to heartbleed
4788
4789 Supported Server Cipher(s):
4790Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
4791Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
4792Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
4793Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
4794Accepted TLSv1.0 256 bits AES256-SHA
4795Accepted TLSv1.0 128 bits AES128-SHA
4796Accepted TLSv1.0 112 bits DES-CBC3-SHA
4797Accepted TLSv1.0 128 bits RC4-SHA
4798Accepted TLSv1.0 128 bits RC4-MD5
4799Preferred SSLv3 112 bits DES-CBC3-SHA
4800Accepted SSLv3 128 bits RC4-SHA
4801Accepted SSLv3 128 bits RC4-MD5
4802Preferred SSLv2 128 bits RC4-MD5
4803Accepted SSLv2 112 bits DES-CBC3-MD5
4804
4805 SSL Certificate:
4806Signature Algorithm: sha256WithRSAEncryption
4807RSA Key Strength: 2048
4808
4809Subject: *.mkutup.gov.tr
4810Altnames: DNS:*.mkutup.gov.tr, DNS:mkutup.gov.tr
4811Issuer: Sectigo RSA Domain Validation Secure Server CA
4812
4813Not valid before: Apr 30 00:00:00 2019 GMT
4814Not valid after: May 2 23:59:59 2021 GMT
4815#######################################################################################################################################
4816Hosts
4817=====
4818
4819address mac name os_name os_flavor os_sp purpose info comments
4820------- --- ---- ------- --------- ----- ------- ---- --------
4821176.117.96.21 Linux 2.6.X server
4822
4823Services
4824========
4825
4826host port proto name state info
4827---- ---- ----- ---- ----- ----
4828176.117.96.21 25 tcp smtp closed
4829176.117.96.21 53 udp domain unknown
4830176.117.96.21 67 udp dhcps unknown
4831176.117.96.21 68 udp dhcpc unknown
4832176.117.96.21 69 udp tftp unknown
4833176.117.96.21 80 tcp http open Microsoft IIS httpd 7.5
4834176.117.96.21 88 udp kerberos-sec unknown
4835176.117.96.21 123 udp ntp unknown
4836176.117.96.21 137 udp netbios-ns filtered
4837176.117.96.21 138 udp netbios-dgm filtered
4838176.117.96.21 139 tcp netbios-ssn closed
4839176.117.96.21 139 udp netbios-ssn unknown
4840176.117.96.21 161 udp snmp unknown
4841176.117.96.21 162 udp snmptrap unknown
4842176.117.96.21 389 udp ldap unknown
4843176.117.96.21 443 tcp ssl/https open
4844176.117.96.21 445 tcp microsoft-ds closed
4845176.117.96.21 500 udp isakmp unknown
4846176.117.96.21 520 udp route unknown
4847176.117.96.21 2049 udp nfs unknown
4848#######################################################################################################################################
4849 Anonymous JTSEC #OpTurkey Full Recon #7