· 6 years ago · Oct 18, 2019, 03:30 AM
1#######################################################################################################################################
2=======================================================================================================================================
3 Hostname www.samsun.gov.tr ISP Turkiye Cumhuriyeti Icisleri Bakanligi
4Continent Asia Flag
5TR
6Country Turkey Country Code TR
7Region Ankara Local time 18 Oct 2019 04:16 +03
8City Ankara Postal Code 06470
9IP Address 2.58.141.20 Latitude 39.923
10 Longitude 32.838
11=======================================================================================================================================
12#######################################################################################################################################
13> www.samsun.gov.tr
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18www.samsun.gov.tr canonical name = samsun.gov.tr.
19Name: samsun.gov.tr
20Address: 2.58.141.20
21>
22#######################################################################################################################################
23** Domain Name: samsun.gov.tr
24
25** Registrant:
26 Samsun Valiliği
27 Hükümet Konağı
28 55019
29 Samsun,
30 Türkiye
31 valilik@samsun.gov.tr
32 + 90-362-4316475-
33 + 90-362-4359098
34
35
36** Administrative Contact:
37NIC Handle : tsv79-metu
38Organization Name : T.C. Samsun Valiliği
39Address : Hükümet Konağı Samsun/İlkadım
40
41 Samsun,55019
42 Türkiye
43Phone : + 90-362-4316475-145
44Fax : +
45
46
47** Technical Contact:
48NIC Handle : tsv79-metu
49Organization Name : T.C. Samsun Valiliği
50Address : Hükümet Konağı Samsun/İlkadım
51
52 Samsun,55019
53 Türkiye
54Phone : + 90-362-4316475-145
55Fax : +
56
57
58** Billing Contact:
59NIC Handle : tsv79-metu
60Organization Name : T.C. Samsun Valiliği
61Address : Hükümet Konağı Samsun/İlkadım
62
63 Samsun,55019
64 Türkiye
65Phone : + 90-362-4316475-145
66Fax : +
67
68
69** Domain Servers:
70ns1.isay.gov.tr
71ns2.isay.gov.tr
72
73** Additional Info:
74Created on..............: 2000-Apr-13.
75Expires on..............: 2021-Apr-12.
76#######################################################################################################################################
77[+] Target : www.samsun.gov.tr
78
79[+] IP Address : 2.58.141.20
80
81[+] Headers :
82
83[+] Cache-Control : private, no-store, max-age=180, no-cache
84[+] Content-Type : text/html; charset=utf-8
85[+] Expires : Fri, 18 Oct 2019 01:24:58 GMT
86[+] Last-Modified : Fri, 18 Oct 2019 01:21:58 GMT
87[+] Vary : *
88[+] Server : Microsoft-IIS/10.0
89[+] Set-Cookie : ASP.NET_SessionId=v2nbbsox5bi3pln5lqqppg31; path=/; HttpOnly, NSC_ESNS=80ede20f-13a4-1da9-9678-ba8b1843e7c4_0593624936_2689390764_00000000015047435436; Path=/; Expires=Fri, 18-Oct-2019 01:22:13 GMT
90[+] X-AspNetMvc-Version : 5.2
91[+] X-AspNet-Version : 4.0.30319
92[+] X-Powered-By : ASP.NET
93[+] Date : Fri, 18 Oct 2019 01:21:58 GMT
94[+] X-Via-NSCOPI : 1.0
95[+] Transfer-Encoding : chunked
96
97[+] SSL Certificate Information :
98
99[-] SSL is not Present on Target URL...Skipping...
100
101[+] Whois Lookup :
102
103[+] NIR : None
104[+] ASN Registry : ripencc
105[+] ASN : 209171
106[+] ASN CIDR : 2.58.141.0/24
107[+] ASN Country Code : TR
108[+] ASN Date : 2019-03-21
109[+] ASN Description : ICISLERI, TR
110[+] cidr : 2.58.140.0/22
111[+] name : TR-ICISLERI-20190321
112[+] handle : MOK24-RIPE
113[+] range : 2.58.140.0 - 2.58.143.255
114[+] description : None
115[+] country : TR
116[+] state : None
117[+] city : None
118[+] address : Devlet Mahallesi, ankaya/Ankara
11906580
120Ankara
121TURKEY
122[+] postal_code : None
123[+] emails : None
124[+] created : 2019-03-21T16:39:03Z
125[+] updated : 2019-03-21T16:39:03Z
126
127[+] Crawling Target...
128
129[+] Looking for robots.txt........[ Found ]
130[+] Extracting robots Links.......[ 5 ]
131[+] Looking for sitemap.xml.......[ Not Found ]
132[+] Extracting CSS Links..........[ 2 ]
133[+] Extracting Javascript Links...[ 2 ]
134[+] Extracting Internal Links.....[ 81 ]
135[+] Extracting External Links.....[ 13 ]
136[+] Extracting Images.............[ 14 ]
137
138[+] Total Links Extracted : 117
139
140[+] Dumping Links in /opt/FinalRecon/dumps/www.samsun.gov.tr.dump
141[+] Completed!
142######################################################################################################################################
143[+] Starting At 2019-10-17 21:24:29.191091
144[+] Collecting Information On: http://www.samsun.gov.tr/
145[#] Status: 200
146--------------------------------------------------
147[#] Web Server Detected: Microsoft-IIS/10.0
148[#] X-Powered-By: ASP.NET
149[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
150- Cache-Control: private, no-store, max-age=180, no-cache
151- Content-Type: text/html; charset=utf-8
152- Expires: Fri, 18 Oct 2019 01:27:30 GMT
153- Last-Modified: Fri, 18 Oct 2019 01:24:30 GMT
154- Vary: *
155- Server: Microsoft-IIS/10.0
156- Set-Cookie: ASP.NET_SessionId=l50ekzno4ytq3psuytq22won; path=/; HttpOnly, NSC_ESNS=80cf7b3f-143b-1da9-9678-ba8b1843e7c4_0285748583_2451926148_00000000019340330334; Path=/; Expires=Fri, 18-Oct-2019 01:24:44 GMT
157- X-AspNetMvc-Version: 5.2
158- X-AspNet-Version: 4.0.30319
159- X-Powered-By: ASP.NET
160- Date: Fri, 18 Oct 2019 01:24:29 GMT
161- X-Via-NSCOPI: 1.0
162- Transfer-Encoding: chunked
163--------------------------------------------------
164[#] Finding Location..!
165[#] status: success
166[#] country: Turkey
167[#] countryCode: TR
168[#] region: 06
169[#] regionName: Ankara
170[#] city: Ankara
171[#] zip:
172[#] lat: 39.9146
173[#] lon: 32.852
174[#] timezone: Europe/Istanbul
175[#] isp: Icisleri Bakanligi
176[#] org: Turkiye Cumhuriyeti Icisleri Bakanligi
177[#] as: AS209171 Turkiye Cumhuriyeti Icisleri Bakanligi
178[#] query: 2.58.141.20
179--------------------------------------------------
180[+] Detected WAF Presence in web application: ASP.NET Generic Web Application Protection
181--------------------------------------------------
182[#] Starting Reverse DNS
183[!] Found 4 any Domain
184- edirne.gov.tr
185- gumushane.gov.tr
186- kastamonu.gov.tr
187- samsun.gov.tr
188--------------------------------------------------
189[!] Scanning Open Port
190--------------------------------------------------
191[+] Collecting Information Disclosure!
192[#] Detecting sitemap.xml file
193[-] sitemap.xml file not Found!?
194[#] Detecting robots.txt file
195[!] robots.txt File Found: http://www.samsun.gov.tr//robots.txt
196[#] Detecting GNU Mailman
197[-] GNU Mailman App Not Detected!?
198--------------------------------------------------
199[+] Crawling Url Parameter On: http://www.samsun.gov.tr/
200--------------------------------------------------
201[#] Searching Html Form !
202[-] No Html Form Found!?
203--------------------------------------------------
204[!] Found 4 dom parameter
205[#] http://www.samsun.gov.tr//#MobileSlideMenu
206[#] http://www.samsun.gov.tr//#
207[#] http://www.samsun.gov.tr//#
208[#] http://www.samsun.gov.tr//#
209--------------------------------------------------
210[!] 16 Internal Dynamic Parameter Discovered
211[+] http://www.samsun.gov.tr///Icerik/css?v=OPZ4yxrNaPzWEKRih6_2ceq24FELJMoiJoh8-0CrrSQ1
212[+] http://www.samsun.gov.tr///WebPart/FSlider-css?v=RSZigIGfhKaohuGGo4LqrvXh_b3mofobziyJ2PMis0Y1
213[+] http://www.samsun.gov.tr///WebPart/section-header-css?v=8-IxQ3JeR7j48t5eivgCqrGjQ9UFd3ROcpaNsNBlZJ41
214[+] http://www.samsun.gov.tr///WebPart/SliderNews-css?v=Mm1HEGI3OIMFeTkKqrHV0Jb8ddKVAuOKEw3m38xP2sg1
215[+] http://www.samsun.gov.tr///WebPart/section-header-css?v=8-IxQ3JeR7j48t5eivgCqrGjQ9UFd3ROcpaNsNBlZJ41
216[+] http://www.samsun.gov.tr///WebPart/Announcement-css?v=bey2yifbJmazQt0Hi_Ub2ftdwRNKVhvHZyuEbR-0Srs1
217[+] http://www.samsun.gov.tr///WebPart/section-header-css?v=8-IxQ3JeR7j48t5eivgCqrGjQ9UFd3ROcpaNsNBlZJ41
218[+] http://www.samsun.gov.tr///WebPart/CityArticles-css?v=suZ4zguppJ45mb0kuaIDxMJv7RB2ErDOSP-4l8GF2Ww1
219[+] http://www.samsun.gov.tr///WebPart/section-header-css?v=8-IxQ3JeR7j48t5eivgCqrGjQ9UFd3ROcpaNsNBlZJ41
220[+] http://www.samsun.gov.tr///WebPart/GovernorInfo-css?v=-NvfLCbU8aRWPUMgzap4PTlrHfjNEx-rIWNqAJuUw1M1
221[+] http://www.samsun.gov.tr///WebPart/section-header-css?v=8-IxQ3JeR7j48t5eivgCqrGjQ9UFd3ROcpaNsNBlZJ41
222[+] http://www.samsun.gov.tr///WebPart/section-header-css?v=8-IxQ3JeR7j48t5eivgCqrGjQ9UFd3ROcpaNsNBlZJ41
223[+] http://www.samsun.gov.tr///WebPart/CityMap-css?v=25klCQq1C1XNV7_yQJzIS040RmdcV09DDvfb1yQy52k1
224[+] http://www.samsun.gov.tr///WebPart/ContactUs-css?v=dGg8P1MguLAXsmX9lENh3xES4CL4dADkG_qxoFhgXjw1
225[+] http://www.samsun.gov.tr///WebPart/FLogo-css?v=u0L_XkqncfCYSi2ONHkXcHYbx2YCtmTO1PbuJwLug101
226[+] http://www.samsun.gov.tr///WebPart/FooterValilik-css?v=MSC2DB4BLBOrjcOUaqwI9t5xILSggNOOi9bdsHck8I01
227--------------------------------------------------
228[!] 5 External Dynamic Parameter Discovered
229[#] https://fonts.googleapis.com/css?family=Roboto&subset=latin-ext
230[#] https://www.cimer.gov.tr/?bim=CfDJ8CLd_u-3vtlEmchj_bWBwBeWp5urmIhG7-dyXrZfkcL95h1pTZSkWQB313_6XQWMMFICMR7icm1cOP_fJjgKME7Py6b1muIn_XGrHi9WQt-0PRlyY5OWJ9MKybY0tpaiF4lRCjX9UTCdd8Zsfz9vHAWhTiCnfowiB5iQKNM5GgSU-V5Q8urkdbcL8ULPG_0nZQ
231[#] https://www.mgm.gov.tr/tahmin/il-ve-ilceler.aspx?il=Samsun
232[#] https://www.cimer.gov.tr/?bim=CfDJ8CLd_u-3vtlEmchj_bWBwBeWp5urmIhG7-dyXrZfkcL95h1pTZSkWQB313_6XQWMMFICMR7icm1cOP_fJjgKME7Py6b1muIn_XGrHi9WQt-0PRlyY5OWJ9MKybY0tpaiF4lRCjX9UTCdd8Zsfz9vHAWhTiCnfowiB5iQKNM5GgSU-V5Q8urkdbcL8ULPG_0nZQ
233[#] https://www.e-icisleri.gov.tr/GeneleAcikSayfalar/YatirimTakipSistemi/IlYatirimListHarita.aspx?Province=yE3gaC|Rk1U2TSSFKgeV4w==
234--------------------------------------------------
235[!] 121 Internal links Discovered
236[+] http://www.samsun.gov.tr///kurumlar/samsun.gov.tr/Site İçeriği/logo-son_png.png
237[+] http://www.samsun.gov.tr///Areas/WebPart/Contents/ValilikHeader/css/v1header.css
238[+] http://www.samsun.gov.tr//javascript:void(0);
239[+] http://www.samsun.gov.tr
240[+] http://www.samsun.gov.tr
241[+] http://www.samsun.gov.tr////www.samsun.gov.tr/yoneticilerimiz
242[+] http://www.samsun.gov.tr////www.samsun.gov.tr/vali-sn-osman-kaymak
243[+] http://www.samsun.gov.tr////www.samsun.gov.tr/vali-yardimcilari-menu
244[+] http://www.samsun.gov.tr////www.samsun.gov.tr/kaymakamlar-menu
245[+] http://www.samsun.gov.tr////www.samsun.gov.tr/valilik-birimleri-toplu
246[+] http://www.samsun.gov.tr////www.samsun.gov.tr/hukumet-konagi-tarihcesi
247[+] http://www.samsun.gov.tr////www.samsun.gov.tr/etik-kurulu
248[+] http://www.samsun.gov.tr////www.samsun.gov.tr/protokol-listesi
249[+] http://www.samsun.gov.tr////www.samsun.gov.tr/kurumsal-kimlik
250[+] http://www.samsun.gov.tr////www.samsun.gov.tr/sehrimiz
251[+] http://www.samsun.gov.tr////www.samsun.gov.tr/ilcelerimiz
252[+] http://www.samsun.gov.tr////www.samsun.gov.tr/hizmet-birimleri
253[+] http://www.samsun.gov.tr////www.samsun.gov.tr/kamu-hizmet-standartlari-indirme-sayfasi
254[+] http://www.samsun.gov.tr////www.samsun.gov.tr/haberler
255[+] http://www.samsun.gov.tr////www.samsun.gov.tr/validen-haberler
256[+] http://www.samsun.gov.tr////www.samsun.gov.tr/duyurular
257[+] http://www.samsun.gov.tr////www.samsun.gov.tr/dosyalar
258[+] http://www.samsun.gov.tr////www.samsun.gov.tr/iletisim2
259[+] http://www.samsun.gov.tr//javascript:void(0);
260[+] http://www.samsun.gov.tr//javascript:void(0);
261[+] http://www.samsun.gov.tr////www.samsun.gov.tr/yoneticilerimiz
262[+] http://www.samsun.gov.tr////www.samsun.gov.tr/vali-sn-osman-kaymak
263[+] http://www.samsun.gov.tr////www.samsun.gov.tr/ibrahim-avci
264[+] http://www.samsun.gov.tr////www.samsun.gov.tr/vali-yrd-hasan-ozturk
265[+] http://www.samsun.gov.tr////www.samsun.gov.tr/vali-yrd-sn-sezgin-ucuncu
266[+] http://www.samsun.gov.tr////www.samsun.gov.tr/mehmet-aktas
267[+] http://www.samsun.gov.tr////www.samsun.gov.tr/hasan-balci
268[+] http://www.samsun.gov.tr////www.samsun.gov.tr/19-mayis-kaymakamligi
269[+] http://www.samsun.gov.tr////www.samsun.gov.tr/alacam-kaymakamligi
270[+] http://www.samsun.gov.tr////www.samsun.gov.tr/asarcik-kaymakamligi
271[+] http://www.samsun.gov.tr////www.samsun.gov.tr/atakum-kaymakamligi
272[+] http://www.samsun.gov.tr////www.samsun.gov.tr/ayvacik-kaymakamligi
273[+] http://www.samsun.gov.tr////www.samsun.gov.tr/bafra-kaymakamligi
274[+] http://www.samsun.gov.tr////www.samsun.gov.tr/canik-kaymakamligi
275[+] http://www.samsun.gov.tr////www.samsun.gov.tr/carsamba-kaymakamligi
276[+] http://www.samsun.gov.tr////www.samsun.gov.tr/havza-kaymakamligi
277[+] http://www.samsun.gov.tr////www.samsun.gov.tr/ilkadim-kaymakamligi
278[+] http://www.samsun.gov.tr////www.samsun.gov.tr/kavak-kaymakamligi
279[+] http://www.samsun.gov.tr////www.samsun.gov.tr/ladik-kaymakamligi
280[+] http://www.samsun.gov.tr////www.samsun.gov.tr/salipazari-kaymakamligi
281[+] http://www.samsun.gov.tr////www.samsun.gov.tr/tekkekoy-kaymakamligi
282[+] http://www.samsun.gov.tr////www.samsun.gov.tr/terme-kaymakamligi
283[+] http://www.samsun.gov.tr////www.samsun.gov.tr/vezirkopru-kaymakamligi
284[+] http://www.samsun.gov.tr////www.samsun.gov.tr/il-yazi-isleri-mudurlugu11
285[+] http://www.samsun.gov.tr////www.samsun.gov.tr/il-idare-kurulu-mudurlugu1
286[+] http://www.samsun.gov.tr////www.samsun.gov.tr/ozel-kalem-mudurlugu1
287[+] http://www.samsun.gov.tr////www.samsun.gov.tr/il-basin-ve-halkla-iliskiler-mudurlugu1
288[+] http://www.samsun.gov.tr////www.samsun.gov.tr/bilgi-islem-sube-mudurlugu1
289[+] http://www.samsun.gov.tr////www.samsun.gov.tr/hukuk-isleri-sube-mudurlugu1
290[+] http://www.samsun.gov.tr////www.samsun.gov.tr/idare-ve-denetim-mudurlugu
291[+] http://www.samsun.gov.tr////www.samsun.gov.tr/il-planlama-ve-koordinasyon-mudurlugu1
292[+] http://www.samsun.gov.tr////www.samsun.gov.tr/idari-hizmetler-sube-mudurlugu1
293[+] http://www.samsun.gov.tr////www.samsun.gov.tr/protokol-sube-mudurlugu1
294[+] http://www.samsun.gov.tr////www.samsun.gov.tr/il-sosyal-etut-ve-proje-mudurlugu1
295[+] http://www.samsun.gov.tr/yikob
296[+] http://www.samsun.gov.tr////www.samsun.gov.tr/hukumet-konagi-tarihcesi
297[+] http://www.samsun.gov.tr////www.samsun.gov.tr/etik-kurulu
298[+] http://www.samsun.gov.tr////www.samsun.gov.tr/protokol-listesi
299[+] http://www.samsun.gov.tr////www.samsun.gov.tr/kurumsal-kimlik
300[+] http://www.samsun.gov.tr////www.samsun.gov.tr/sehrimiz
301[+] http://www.samsun.gov.tr////www.samsun.gov.tr/ilcelerimiz
302[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-il-emniyet-mudurlugu
303[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-il-jandarma-komutanligi
304[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-112-acil-cagri-merkezi-mudurlugu
305[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-il-milli-egitim-mudurlugu
306[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-ticaret-il-mudurlugu
307[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-sanayi-ve-teknoloji-il-mudurlugu
308[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-il-kultur-ve-turizm-mudurlugu
309[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-il-saglik-mudurlugu
310[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-sosyal-guvenlik-il-mudurlugu
311[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-vergi-dairesi-baskanligi
312[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-defterdarligi
313[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-cevre-ve-sehircilik-il-mudurlugu
314[+] http://www.samsun.gov.tr////www.samsun.gov.tr/kamu-hizmet-standartlari-indirme-sayfasi
315[+] http://www.samsun.gov.tr////www.samsun.gov.tr/haberler
316[+] http://www.samsun.gov.tr////www.samsun.gov.tr/validen-haberler
317[+] http://www.samsun.gov.tr////www.samsun.gov.tr/duyurular
318[+] http://www.samsun.gov.tr////www.samsun.gov.tr/dosyalar
319[+] http://www.samsun.gov.tr////www.samsun.gov.tr/iletisim2
320[+] http://www.samsun.gov.tr///gecmisten-gunumuze-samsun
321[+] http://www.samsun.gov.tr///baslangictan-bugune-19-mayis-kutlamalari
322[+] http://www.samsun.gov.tr///ilkadimin-simgesi-bandirma-gemisi
323[+] http://www.samsun.gov.tr///haberler
324[+] http://www.samsun.gov.tr////www.samsun.gov.tr/havai-fisek-kullanimi-dugunlerde-yapilan-arac-konvoylari-ve-silah-kullanilmasi-hakkinda-basin-aciklamasi
325[+] http://www.samsun.gov.tr////www.samsun.gov.tr/vsamsun-adeta-turkiyenin-ticarette-dunyaya-acilan-kapilarindan-bir-tanesi-olmaya-basladi
326[+] http://www.samsun.gov.tr////www.samsun.gov.tr/atakum-bafra-canik-carsambailkadim-ve-tekkekoy-ilce-kaymakamliklarimizda-acik-kapi-burolari-olusturuldu
327[+] http://www.samsun.gov.tr////www.samsun.gov.tr/ilk-adimdan-kurtulusa-karma-resim-sergisi-pariste-acildi
328[+] http://www.samsun.gov.tr////www.samsun.gov.tr/milli-mucadelenin-100-yilinda-samsunda-ulke-protokolu-bir-araya-geldi
329[+] http://www.samsun.gov.tr////www.samsun.gov.tr/xataturkun-19-mayis-1919da-samsuna-gelisini-sembolize-eden-bayrak-karaya-cikarildi
330[+] http://www.samsun.gov.tr///duyurular
331[+] http://www.samsun.gov.tr////www.samsun.gov.tr/tc-samsun-valiligi-imza-yetkileri-ve-yetki-devri-yonergesi-2019
332[+] http://www.samsun.gov.tr////www.samsun.gov.tr/suluova-kaymakamligi-ihale-ilanlari
333[+] http://www.samsun.gov.tr////www.samsun.gov.tr/toplanma-alanlari-il-afet-ve-acil-durum-mudurlugu
334[+] http://www.samsun.gov.tr////www.samsun.gov.tr/2019-yili-4-donem-il-koordinasyon-kurulu-toplantisi-sunumlari
335[+] http://www.samsun.gov.tr////www.samsun.gov.tr/tc-samsun-valiligi-imza-yetkileri-ve-yetki-devri-yonergesi-2019
336[+] http://www.samsun.gov.tr////www.samsun.gov.tr/suluova-kaymakamligi-ihale-ilanlari
337[+] http://www.samsun.gov.tr////www.samsun.gov.tr/toplanma-alanlari-il-afet-ve-acil-durum-mudurlugu
338[+] http://www.samsun.gov.tr////www.samsun.gov.tr/2019-yili-4-donem-il-koordinasyon-kurulu-toplantisi-sunumlari
339[+] http://www.samsun.gov.tr///sehrimiz
340[+] http://www.samsun.gov.tr////www.samsun.gov.tr/ataturk-ve-samsun2
341[+] http://www.samsun.gov.tr////www.samsun.gov.tr/kizilirmak-deltasi-kus-cenneti-ve-mandacilik1
342[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-mutfagi-ilceler
343[+] http://www.samsun.gov.tr////www.samsun.gov.tr/yasar-dogu-1917---1961
344[+] http://www.samsun.gov.tr////www.samsun.gov.tr/bati-park2
345[+] http://www.samsun.gov.tr////www.samsun.gov.tr/ataturk-ve-samsun2
346[+] http://www.samsun.gov.tr////www.samsun.gov.tr/kizilirmak-deltasi-kus-cenneti-ve-mandacilik1
347[+] http://www.samsun.gov.tr////www.samsun.gov.tr/samsun-mutfagi-ilceler
348[+] http://www.samsun.gov.tr////www.samsun.gov.tr/yasar-dogu-1917---1961
349[+] http://www.samsun.gov.tr////www.samsun.gov.tr/bati-park2
350[+] http://www.samsun.gov.tr///vali-sn-osman-kaymak
351[+] http://www.samsun.gov.tr///validen-haberler
352[+] http://www.samsun.gov.tr///Areas/WebPart/Contents/NewsList/css/news-section.css
353[+] http://www.samsun.gov.tr////www.samsun.gov.tr/sayin-valimiz-xi-uluslararasi-dunya-dili-turkce-sempozyumunun-acilis-torenine-katildi
354[+] http://www.samsun.gov.tr////www.samsun.gov.tr/2019-2020-sezonunun-sonunda-samsunda-129-bin-kisi-yuzme-ogrenmis-olacak
355[+] http://www.samsun.gov.tr////www.samsun.gov.tr/sayin-valimiz-xi-uluslararasi-dunya-dili-turkce-sempozyumunun-acilis-torenine-katildi
356[+] http://www.samsun.gov.tr////www.samsun.gov.tr/2019-2020-sezonunun-sonunda-samsunda-129-bin-kisi-yuzme-ogrenmis-olacak
357--------------------------------------------------
358[!] 14 External links Discovered
359[#] https://www.icisleri.gov.tr/
360[#] https://www.turkiye.gov.tr/
361[#] http://www.mevzuat.gov.tr/
362[#] https://www.acikkapi.gov.tr/
363[#] http://www.mevzuat.gov.tr/
364[#] https://www.acikkapi.gov.tr/
365[#] https://twitter.com/osmankaymk
366[#] https://www.instagram.com/osmankaymk/
367[#] http://www.acikkapi.gov.tr/
368[#] https://www.samsun2019.com.tr
369[#] https://www.tccb.gov.tr/
370[#] https://www.icisleri.gov.tr/
371[#] https://www.turkiye.gov.tr/
372[#] https://www.cimer.gov.tr/
373--------------------------------------------------
374[#] Mapping Subdomain..
375[!] Found 2 Subdomain
376- samsun.gov.tr
377- ns.samsun.gov.tr
378--------------------------------------------------
379[!] Done At 2019-10-17 21:25:03.797389
380#######################################################################################################################################
381[i] Scanning Site: http://www.samsun.gov.tr
382
383
384
385B A S I C I N F O
386====================
387
388
389[+] Site Title: T.C. SAMSUN VALİLİĞİ
390[+] IP address: 2.58.141.20
391[+] Web Server: Microsoft-IIS/10.0
392[+] CMS: Could Not Detect
393[+] Cloudflare: Not Detected
394[+] Robots File: Found
395
396-------------[ contents ]----------------
397
398User-agent: *
399Disallow: /kullanicilar
400Disallow: /ortak_icerik
401Disallow: /kurumlar
402Disallow: /Kurumlar
403Disallow: /Kullanicilar
404-----------[end of contents]-------------
405
406
407
408W H O I S L O O K U P
409========================
410
411 ** Domain Name: samsun.gov.tr
412
413** Registrant:
414 Samsun Valiliği
415 Hükümet Konağı
416 55019
417 Samsun,
418 Türkiye
419 valilik@samsun.gov.tr
420 + 90-362-4316475-
421 + 90-362-4359098
422
423
424** Administrative Contact:
425NIC Handle : tsv79-metu
426Organization Name : T.C. Samsun Valiliği
427Address : Hükümet Konağı Samsun/İlkadım
428
429 Samsun,55019
430 Türkiye
431Phone : + 90-362-4316475-145
432Fax : +
433
434
435** Technical Contact:
436NIC Handle : tsv79-metu
437Organization Name : T.C. Samsun Valiliği
438Address : Hükümet Konağı Samsun/İlkadım
439
440 Samsun,55019
441 Türkiye
442Phone : + 90-362-4316475-145
443Fax : +
444
445
446** Billing Contact:
447NIC Handle : tsv79-metu
448Organization Name : T.C. Samsun Valiliği
449Address : Hükümet Konağı Samsun/İlkadım
450
451 Samsun,55019
452 Türkiye
453Phone : + 90-362-4316475-145
454Fax : +
455
456
457** Domain Servers:
458ns1.isay.gov.tr
459ns2.isay.gov.tr
460
461** Additional Info:
462Created on..............: 2000-Apr-13.
463Expires on..............: 2021-Apr-12.
464
465
466
467
468G E O I P L O O K U P
469=========================
470
471[i] IP Address: 2.58.141.20
472[i] Country: Turkey
473[i] State:
474[i] City:
475[i] Latitude: 41.0214
476[i] Longitude: 28.9948
477
478
479
480
481H T T P H E A D E R S
482=======================
483
484
485[i] HTTP/1.1 200 OK
486[i] Cache-Control: private, no-store, max-age=180
487[i] Content-Type: text/html; charset=utf-8
488[i] Expires: Fri, 18 Oct 2019 01:25:30 GMT
489[i] Last-Modified: Fri, 18 Oct 2019 01:22:30 GMT
490[i] Vary: *
491[i] Server: Microsoft-IIS/10.0
492[i] Set-Cookie: ASP.NET_SessionId=kpnkvae2tdxl0njavtqqgzsg; path=/; HttpOnly
493[i] X-AspNetMvc-Version: 5.2
494[i] X-AspNet-Version: 4.0.30319
495[i] X-Powered-By: ASP.NET
496[i] Date: Fri, 18 Oct 2019 01:22:30 GMT
497[i] Connection: keep-alive
498[i] X-Via-NSCOPI: 1.0
499[i] Transfer-Encoding: chunked
500[i] Set-Cookie: NSC_ESNS=80ebc47c-13c4-1da9-9678-ba8b1843e7c4_2542665576_0346085548_00000000015047436793; Path=/; Expires=Fri, 18-Oct-2019 01:22:45 GMT
501[i] Cache-Control: no-cache
502
503
504
505
506D N S L O O K U P
507===================
508
509samsun.gov.tr. 4 IN A 2.58.141.20
510samsun.gov.tr. 21599 IN NS ns.samsun.gov.tr.
511samsun.gov.tr. 299 IN SOA ns.samsun.gov.tr. internet.icisleri.gov.tr. 1461669335 10800 3600 604800 10800
512samsun.gov.tr. 21599 IN MX 10 posta.muhtar.gov.tr.
513samsun.gov.tr. 21599 IN TXT "v=spf1 ip4:2.58.141.17 mx:posta.muhtar.gov.tr ~all"
514
515
516
517
518S U B N E T C A L C U L A T I O N
519====================================
520
521Address = 2.58.141.20
522Network = 2.58.141.20 / 32
523Netmask = 255.255.255.255
524Broadcast = not needed on Point-to-Point links
525Wildcard Mask = 0.0.0.0
526Hosts Bits = 0
527Max. Hosts = 1 (2^0 - 0)
528Host Range = { 2.58.141.20 - 2.58.141.20 }
529
530
531
532N M A P P O R T S C A N
533============================
534
535Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-18 01:22 UTC
536Nmap scan report for samsun.gov.tr (2.58.141.20)
537Host is up (0.13s latency).
538
539PORT STATE SERVICE
54021/tcp filtered ftp
54122/tcp filtered ssh
54223/tcp filtered telnet
54380/tcp open http
544110/tcp filtered pop3
545143/tcp filtered imap
546443/tcp filtered https
5473389/tcp filtered ms-wbt-server
548
549Nmap done: 1 IP address (1 host up) scanned in 3.32 seconds
550
551
552
553S U B - D O M A I N F I N D E R
554==================================
555
556
557[i] Total Subdomains Found : 1
558
559[+] Subdomain: ns.samsun.gov.tr
560[-] IP: 213.14.228.132
561#######################################################################################################################################
562[INFO] ------TARGET info------
563[*] TARGET: http://www.samsun.gov.tr/
564[*] TARGET IP: 2.58.141.20
565[INFO] NO load balancer detected for www.samsun.gov.tr...
566[*] DNS servers: samsun.gov.tr.
567[*] TARGET server: Microsoft-IIS/10.0
568[*] CC: TR
569[*] Country: Turkey
570[*] RegionCode: 06
571[*] RegionName: Ankara
572[*] City: Ankara
573[*] ASN: AS209171
574[*] BGP_PREFIX: 2.58.141.0/24
575[*] ISP: icisleri Turkiye Cumhuriyeti Icisleri Bakanligi, TR
576[INFO] DNS enumeration:
577[*] mail.samsun.gov.tr 213.14.228.17
578[INFO] Possible abuse mails are:
579[*] abuse@samsun.gov.tr
580[*] abuse@www.samsun.gov.tr
581[*] bilisimaglari@icisleri.gov.tr
582[INFO] NO PAC (Proxy Auto Configuration) file FOUND
583[ALERT] robots.txt file FOUND in http://www.samsun.gov.tr/robots.txt
584[INFO] Checking for HTTP status codes recursively from http://www.samsun.gov.tr/robots.txt
585[INFO] Status code Folders
586[INFO] Starting FUZZing in http://www.samsun.gov.tr/FUzZzZzZzZz...
587[INFO] Status code Folders
588[*] 200 http://www.samsun.gov.tr/index
589[*] 200 http://www.samsun.gov.tr/images
590[*] 200 http://www.samsun.gov.tr/download
591[*] 200 http://www.samsun.gov.tr/2006
592[*] 200 http://www.samsun.gov.tr/news
593[*] 200 http://www.samsun.gov.tr/crack
594[*] 200 http://www.samsun.gov.tr/serial
595[*] 200 http://www.samsun.gov.tr/warez
596[*] 200 http://www.samsun.gov.tr/full
597[*] 200 http://www.samsun.gov.tr/12
598[ALERT] Look in the source code. It may contain passwords
599[INFO] Links found from http://www.samsun.gov.tr/ http://2.58.141.20/:
600[*] https://twitter.com/osmankaymk
601[*] https://www.acikkapi.gov.tr/
602[*] https://www.cimer.gov.tr/
603[*] https://www.cimer.gov.tr/?bim=CfDJ8CLd_u-3vtlEmchj_bWBwBeWp5urmIhG7-dyXrZfkcL95h1pTZSkWQB313_6XQWMMFICMR7icm1cOP_fJjgKME7Py6b1muIn_XGrHi9WQt-0PRlyY5OWJ9MKybY0tpaiF4lRCjX9UTCdd8Zsfz9vHAWhTiCnfowiB5iQKNM5GgSU-V5Q8urkdbcL8ULPG_0nZQ
604[*] https://www.e-icisleri.gov.tr/GeneleAcikSayfalar/YatirimTakipSistemi/IlYatirimListHarita.aspx?Province=yE3gaC|Rk1U2TSSFKgeV4w==
605[*] https://www.icisleri.gov.tr/
606[*] https://www.instagram.com/osmankaymk/
607[*] https://www.mgm.gov.tr/tahmin/il-ve-ilceler.aspx?il=Samsun
608[*] https://www.samsun2019.com.tr/
609[*] https://www.tccb.gov.tr/
610[*] https://www.turkiye.gov.tr/
611[*] http://www.acikkapi.gov.tr/
612[*] http://www.mevzuat.gov.tr/
613[*] http://www.samsun.gov.tr/
614[*] http://www.samsun.gov.tr/19-mayis-kaymakamligi
615[*] http://www.samsun.gov.tr/2019-2020-sezonunun-sonunda-samsunda-129-bin-kisi-yuzme-ogrenmis-olacak
616[*] http://www.samsun.gov.tr/2019-yili-4-donem-il-koordinasyon-kurulu-toplantisi-sunumlari
617[*] http://www.samsun.gov.tr/alacam-kaymakamligi
618[*] http://www.samsun.gov.tr/asarcik-kaymakamligi
619[*] http://www.samsun.gov.tr/atakum-bafra-canik-carsambailkadim-ve-tekkekoy-ilce-kaymakamliklarimizda-acik-kapi-burolari-olusturuldu
620[*] http://www.samsun.gov.tr/atakum-kaymakamligi
621[*] http://www.samsun.gov.tr/ataturk-ve-samsun2
622[*] http://www.samsun.gov.tr/ayvacik-kaymakamligi
623[*] http://www.samsun.gov.tr/bafra-kaymakamligi
624[*] http://www.samsun.gov.tr/baslangictan-bugune-19-mayis-kutlamalari
625[*] http://www.samsun.gov.tr/bati-park2
626[*] http://www.samsun.gov.tr/bilgi-islem-sube-mudurlugu1
627[*] http://www.samsun.gov.tr/canik-kaymakamligi
628[*] http://www.samsun.gov.tr/carsamba-kaymakamligi
629[*] http://www.samsun.gov.tr/dosyalar
630[*] http://www.samsun.gov.tr/duyurular
631[*] http://www.samsun.gov.tr/etik-kurulu
632[*] http://www.samsun.gov.tr/gecmisten-gunumuze-samsun
633[*] http://www.samsun.gov.tr/haberler
634[*] http://www.samsun.gov.tr/hasan-balci
635[*] http://www.samsun.gov.tr/havai-fisek-kullanimi-dugunlerde-yapilan-arac-konvoylari-ve-silah-kullanilmasi-hakkinda-basin-aciklamasi
636[*] http://www.samsun.gov.tr/havza-kaymakamligi
637[*] http://www.samsun.gov.tr/hizmet-birimleri
638[*] http://www.samsun.gov.tr/hukuk-isleri-sube-mudurlugu1
639[*] http://www.samsun.gov.tr/hukumet-konagi-tarihcesi
640[*] http://www.samsun.gov.tr/ibrahim-avci
641[*] http://www.samsun.gov.tr/idare-ve-denetim-mudurlugu
642[*] http://www.samsun.gov.tr/idari-hizmetler-sube-mudurlugu1
643[*] http://www.samsun.gov.tr/il-basin-ve-halkla-iliskiler-mudurlugu1
644[*] http://www.samsun.gov.tr/ilcelerimiz
645[*] http://www.samsun.gov.tr/iletisim2
646[*] http://www.samsun.gov.tr/il-idare-kurulu-mudurlugu1
647[*] http://www.samsun.gov.tr/ilk-adimdan-kurtulusa-karma-resim-sergisi-pariste-acildi
648[*] http://www.samsun.gov.tr/ilkadimin-simgesi-bandirma-gemisi
649[*] http://www.samsun.gov.tr/ilkadim-kaymakamligi
650[*] http://www.samsun.gov.tr/il-planlama-ve-koordinasyon-mudurlugu1
651[*] http://www.samsun.gov.tr/il-sosyal-etut-ve-proje-mudurlugu1
652[*] http://www.samsun.gov.tr/il-yazi-isleri-mudurlugu11
653[*] http://www.samsun.gov.tr/kamu-hizmet-standartlari-indirme-sayfasi
654[*] http://www.samsun.gov.tr/kavak-kaymakamligi
655[*] http://www.samsun.gov.tr/kaymakamlar-menu
656[*] http://www.samsun.gov.tr/kizilirmak-deltasi-kus-cenneti-ve-mandacilik1
657[*] http://www.samsun.gov.tr/kurumsal-kimlik
658[*] http://www.samsun.gov.tr/ladik-kaymakamligi
659[*] http://www.samsun.gov.tr/mehmet-aktas
660[*] http://www.samsun.gov.tr/milli-mucadelenin-100-yilinda-samsunda-ulke-protokolu-bir-araya-geldi
661[*] http://www.samsun.gov.tr/#MobileSlideMenu
662[*] http://www.samsun.gov.tr/ozel-kalem-mudurlugu1
663[*] http://www.samsun.gov.tr/protokol-listesi
664[*] http://www.samsun.gov.tr/protokol-sube-mudurlugu1
665[*] http://www.samsun.gov.tr/salipazari-kaymakamligi
666[*] http://www.samsun.gov.tr/samsun-112-acil-cagri-merkezi-mudurlugu
667[*] http://www.samsun.gov.tr/samsun-cevre-ve-sehircilik-il-mudurlugu
668[*] http://www.samsun.gov.tr/samsun-defterdarligi
669[*] http://www.samsun.gov.tr/samsun-il-emniyet-mudurlugu
670[*] http://www.samsun.gov.tr/samsun-il-jandarma-komutanligi
671[*] http://www.samsun.gov.tr/samsun-il-kultur-ve-turizm-mudurlugu
672[*] http://www.samsun.gov.tr/samsun-il-milli-egitim-mudurlugu
673[*] http://www.samsun.gov.tr/samsun-il-saglik-mudurlugu
674[*] http://www.samsun.gov.tr/samsun-mutfagi-ilceler
675[*] http://www.samsun.gov.tr/samsun-sanayi-ve-teknoloji-il-mudurlugu
676[*] http://www.samsun.gov.tr/samsun-sosyal-guvenlik-il-mudurlugu
677[*] http://www.samsun.gov.tr/samsun-ticaret-il-mudurlugu
678[*] http://www.samsun.gov.tr/samsun-vergi-dairesi-baskanligi
679[*] http://www.samsun.gov.tr/sayin-valimiz-xi-uluslararasi-dunya-dili-turkce-sempozyumunun-acilis-torenine-katildi
680[*] http://www.samsun.gov.tr/sehrimiz
681[*] http://www.samsun.gov.tr/suluova-kaymakamligi-ihale-ilanlari
682[*] http://www.samsun.gov.tr/tc-samsun-valiligi-imza-yetkileri-ve-yetki-devri-yonergesi-2019
683[*] http://www.samsun.gov.tr/tekkekoy-kaymakamligi
684[*] http://www.samsun.gov.tr/terme-kaymakamligi
685[*] http://www.samsun.gov.tr/toplanma-alanlari-il-afet-ve-acil-durum-mudurlugu
686[*] http://www.samsun.gov.tr/validen-haberler
687[*] http://www.samsun.gov.tr/valilik-birimleri-toplu
688[*] http://www.samsun.gov.tr/vali-sn-osman-kaymak
689[*] http://www.samsun.gov.tr/vali-yardimcilari-menu
690[*] http://www.samsun.gov.tr/vali-yrd-hasan-ozturk
691[*] http://www.samsun.gov.tr/vali-yrd-sn-sezgin-ucuncu
692[*] http://www.samsun.gov.tr/vezirkopru-kaymakamligi
693[*] http://www.samsun.gov.tr/vsamsun-adeta-turkiyenin-ticarette-dunyaya-acilan-kapilarindan-bir-tanesi-olmaya-basladi
694[*] http://www.samsun.gov.tr/xataturkun-19-mayis-1919da-samsuna-gelisini-sembolize-eden-bayrak-karaya-cikarildi
695[*] http://www.samsun.gov.tr/yasar-dogu-1917---1961
696[*] http://www.samsun.gov.tr/yikob
697[*] http://www.samsun.gov.tr/yoneticilerimiz
698[INFO] GOOGLE has 74,000,000 results (0.36 seconds) about http://www.samsun.gov.tr/
699[INFO] Shodan detected the following opened ports on 2.58.141.20:
700[*] 80
701[INFO] ------VirusTotal SECTION------
702[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
703[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
704[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
705[INFO] ------Alexa Rank SECTION------
706[INFO] Percent of Visitors Rank in Country:
707[INFO] Percent of Search Traffic:
708[INFO] Percent of Unique Visits:
709[INFO] Total Sites Linking In:
710[*] Total Sites
711[INFO] Useful links related to www.samsun.gov.tr - 2.58.141.20:
712[*] https://www.virustotal.com/pt/ip-address/2.58.141.20/information/
713[*] https://www.hybrid-analysis.com/search?host=2.58.141.20
714[*] https://www.shodan.io/host/2.58.141.20
715[*] https://www.senderbase.org/lookup/?search_string=2.58.141.20
716[*] https://www.alienvault.com/open-threat-exchange/ip/2.58.141.20
717[*] http://pastebin.com/search?q=2.58.141.20
718[*] http://urlquery.net/search.php?q=2.58.141.20
719[*] http://www.alexa.com/siteinfo/www.samsun.gov.tr
720[*] http://www.google.com/safebrowsing/diagnostic?site=www.samsun.gov.tr
721[*] https://censys.io/ipv4/2.58.141.20
722[*] https://www.abuseipdb.com/check/2.58.141.20
723[*] https://urlscan.io/search/#2.58.141.20
724[*] https://github.com/search?q=2.58.141.20&type=Code
725[INFO] Useful links related to AS209171 - 2.58.141.0/24:
726[*] http://www.google.com/safebrowsing/diagnostic?site=AS:209171
727[*] https://www.senderbase.org/lookup/?search_string=2.58.141.0/24
728[*] http://bgp.he.net/AS209171
729[*] https://stat.ripe.net/AS209171
730[INFO] Date: 17/10/19 | Time: 21:26:28
731[INFO] Total time: 1 minute(s) and 57 second(s)
732######################################################################################################################################
733Trying "samsun.gov.tr"
734;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17209
735;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 1, ADDITIONAL: 0
736
737;; QUESTION SECTION:
738;samsun.gov.tr. IN ANY
739
740;; ANSWER SECTION:
741samsun.gov.tr. 43200 IN TXT "v=spf1 ip4:2.58.141.17 mx:posta.muhtar.gov.tr ~all"
742samsun.gov.tr. 43200 IN MX 10 posta.muhtar.gov.tr.
743samsun.gov.tr. 300 IN SOA ns.samsun.gov.tr. internet.icisleri.gov.tr. 1461669335 10800 3600 604800 10800
744samsun.gov.tr. 5 IN A 2.58.141.20
745samsun.gov.tr. 43200 IN NS ns.samsun.gov.tr.
746
747;; AUTHORITY SECTION:
748samsun.gov.tr. 43200 IN NS ns.samsun.gov.tr.
749
750Received 224 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 437 ms
751######################################################################################################################################
752
753; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace samsun.gov.tr
754;; global options: +cmd
755. 81638 IN NS i.root-servers.net.
756. 81638 IN NS a.root-servers.net.
757. 81638 IN NS j.root-servers.net.
758. 81638 IN NS d.root-servers.net.
759. 81638 IN NS k.root-servers.net.
760. 81638 IN NS f.root-servers.net.
761. 81638 IN NS e.root-servers.net.
762. 81638 IN NS b.root-servers.net.
763. 81638 IN NS g.root-servers.net.
764. 81638 IN NS h.root-servers.net.
765. 81638 IN NS l.root-servers.net.
766. 81638 IN NS m.root-servers.net.
767. 81638 IN NS c.root-servers.net.
768. 81638 IN RRSIG NS 8 0 518400 20191030170000 20191017160000 22545 . jZtt8yTvshG1BzuF/j46it/rTAR5IORJIa7xst0rHRa+LsH2OC0Qqnly mI3l1L4eTRQ7GgWNYhu4Pa2HWTDy+tvS9eEtZ/YNadVkV7J5EBFFfqCT lhDnd6TDugQhocjufuiLqIt93hdLCqq80ASBDYZ8I8Cm3BB0qb/ccGlI XQ5MVFCZEV6xRLzxWwRy2CLdZFTLjcPa2nQrXnpB0hGoEdCde09sQMK8 ZEcPjCUD9AOM4qiYsHICwjCv2guKRYri9Gumnea1I4iHuVNXOzz4mWJY XCuMBiiNRfi+i70ExEhDNkNnsOS/v9i+l/SnuI71FVlH/qSe1niIM5FA hp9AGA==
769;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 238 ms
770
771tr. 172800 IN NS ns21.nic.tr.
772tr. 172800 IN NS ns22.nic.tr.
773tr. 172800 IN NS ns31.nic.tr.
774tr. 172800 IN NS ns41.nic.tr.
775tr. 172800 IN NS ns42.nic.tr.
776tr. 172800 IN NS ns91.nic.tr.
777tr. 172800 IN NS ns92.nic.tr.
778tr. 86400 IN NSEC trade. NS RRSIG NSEC
779tr. 86400 IN RRSIG NSEC 8 1 86400 20191030170000 20191017160000 22545 . j6aSkD28Nn/4wTHeT8PJvGxpWc8PkN+RhwjdgEs5gu7Lqt/BtNirPxIa lL4UjwjVKyC8QsI2VC0TxcGcqgFx2KqNoWXWAT64L+p6+ZfBNxQm+39y rGt1SKiyQxhREt14Sv9BNeUs0E0lz8C+DGcs3x863G1G16CTHazTR/Cb yqwV+dNidOmhVeOr16MVo01sAiuTCyHbWPNjsHr3Xca52p2tL5C9VRQY Hml65G68qRiEHBY8G4JIil3jC39oZqPGsS35haXThhUWhcxZezHwYnFX JuQQlni9E5YSGChbu1GhdYOnZBbroHuQP1QnVOX/G3TcfB+RJsy5x/n8 n4DRSw==
780;; Received 717 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 45 ms
781
782samsun.gov.tr. 43200 IN NS ns1.isay.gov.tr.
783samsun.gov.tr. 43200 IN NS ns2.isay.gov.tr.
784;; Received 115 bytes from 213.14.246.2#53(ns21.nic.tr) in 159 ms
785
786samsun.gov.tr. 5 IN A 2.58.141.20
787;; Received 70 bytes from 2.58.141.133#53(ns2.isay.gov.tr) in 252 ms
788######################################################################################################################################
789[*] Performing General Enumeration of Domain: samsun.gov.tr
790[-] DNSSEC is not configured for samsun.gov.tr
791[*] SOA ns.samsun.gov.tr 213.14.228.132
792[*] NS ns1.isay.gov.tr 2.58.141.132
793[*] NS ns2.isay.gov.tr 2.58.141.133
794[-] Recursion enabled on NS Server 2.58.141.133
795[*] MX posta.muhtar.gov.tr 2.58.141.17
796[*] A samsun.gov.tr 2.58.141.20
797[*] TXT samsun.gov.tr v=spf1 ip4:2.58.141.17 mx:posta.muhtar.gov.tr ~all
798[*] Enumerating SRV Records
799[-] No SRV Records Found for samsun.gov.tr
800[+] 0 Records Found
801#######################################################################################################################################
802[*] Processing domain samsun.gov.tr
803[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
804[+] Getting nameservers
8052.58.141.132 - ns1.isay.gov.tr
8062.58.141.133 - ns2.isay.gov.tr
807[-] Zone transfer failed
808
809[+] TXT records found
810"v=spf1 ip4:2.58.141.17 mx:posta.muhtar.gov.tr ~all"
811
812[+] MX records found, added to target list
81310 posta.muhtar.gov.tr.
814
815[*] Scanning samsun.gov.tr for A records
8162.58.141.20 - samsun.gov.tr
8172.58.141.20 - lists.samsun.gov.tr
818213.14.228.17 - mail.samsun.gov.tr
819213.14.228.132 - ns.samsun.gov.tr
820213.14.228.132 - smtp.samsun.gov.tr
8212.58.141.20 - www.samsun.gov.tr
822
823#######################################################################################################################################
824Parsero scan report for www.samsun.gov.tr
825http://www.samsun.gov.tr/kullanicilar 301 Moved Permanently
826http://www.samsun.gov.tr/ortak_icerik 301 Moved Permanently
827http://www.samsun.gov.tr/Kurumlar 301 Moved Permanently
828http://www.samsun.gov.tr/Kullanicilar 301 Moved Permanently
829http://www.samsun.gov.tr/kurumlar 301 Moved Permanently
830
831[+] 5 links have been analyzed but any them are available...
832#######################################################################################################################################
833Ip Address Status Type Domain Name Server
834---------- ------ ---- ----------- ------
8352.58.141.20 302 alias lists.samsun.gov.tr Microsoft-IIS/10.0
8362.58.141.20 302 host samsun.gov.tr Microsoft-IIS/10.0
837213.14.228.17 host mail.samsun.gov.tr
838213.14.228.132 host ns.samsun.gov.tr
839213.14.228.132 host smtp.samsun.gov.tr
8402.58.141.20 200 alias www.samsun.gov.tr Microsoft-IIS/10.0
8412.58.141.20 200 host samsun.gov.tr Microsoft-IIS/10.0
842#######################################################################################################################################
843[+] Testing domain
844 www.samsun.gov.tr 2.58.141.20
845[+] Dns resolving
846 Domain name Ip address Name server
847 No address associated with hostname samsun.gov.tr
848[+] Testing wildcard
849 Ok, no wildcard found.
850
851[+] Scanning for subdomain on samsun.gov.tr
852[!] Wordlist not specified. I scannig with my internal wordlist...
853 Estimated time about 321.6 seconds
854
855 Subdomain Ip address Name server
856
857 mail.samsun.gov.tr 213.14.228.17 posta.muhtar.gov.tr
858 ns.samsun.gov.tr 213.14.228.132 mail.isay.gov.tr
859 smtp.samsun.gov.tr 213.14.228.132 mail.isay.gov.tr
860######################################################################################################################################
861Domains still to check: 1
862 Checking if the hostname samsun.gov.tr. given is in fact a domain...
863
864Analyzing domain: samsun.gov.tr.
865 Checking NameServers using system default resolver...
866 IP: 2.58.141.132 (Turkey)
867 HostName: ns1.isay.gov.tr Type: NS
868 IP: 2.58.141.133 (Turkey)
869 HostName: ns2.isay.gov.tr Type: NS
870
871 Checking MailServers using system default resolver...
872 IP: 2.58.141.17 (Turkey)
873 HostName: posta.muhtar.gov.tr Type: MX
874 HostName: autodiscover.muhtar.gov.tr Type: PTR
875
876 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
877 No zone transfer found on nameserver 2.58.141.133
878 No zone transfer found on nameserver 2.58.141.132
879
880 Checking SPF record...
881
882 Checking 192 most common hostnames using system default resolver...
883 IP: 2.58.141.20 (Turkey)
884 HostName: www.samsun.gov.tr. Type: A
885 IP: 213.14.228.17 (Turkey)
886 HostName: mail.samsun.gov.tr. Type: A
887 IP: 213.14.228.132 (Turkey)
888 HostName: ns.samsun.gov.tr. Type: A
889 IP: 213.14.228.132 (Turkey)
890 HostName: ns.samsun.gov.tr. Type: A
891 HostName: smtp.samsun.gov.tr. Type: A
892 HostName: mail.isay.gov.tr Type: PTR
893
894 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
895 Checking netblock 2.58.141.0
896 Checking netblock 213.14.228.0
897
898 Searching for samsun.gov.tr. emails in Google
899
900 Checking 6 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
901 Host 2.58.141.20 is up (reset ttl 64)
902 Host 2.58.141.17 is up (reset ttl 64)
903 Host 213.14.228.17 is up (reset ttl 64)
904 Host 2.58.141.133 is up (reset ttl 64)
905 Host 2.58.141.132 is up (reset ttl 64)
906 Host 213.14.228.132 is up (reset ttl 64)
907
908 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
909 Scanning ip 2.58.141.20 (www.samsun.gov.tr.):
910 80/tcp open tcpwrapped syn-ack ttl 240
911 Scanning ip 2.58.141.17 (autodiscover.muhtar.gov.tr (PTR)):
912 80/tcp open http syn-ack ttl 240 Citrix NetScaler httpd
913 | http-methods:
914 |_ Supported Methods: GET HEAD POST
915 |_http-title: Did not follow redirect to https://2.58.141.17/
916 |_https-redirect: ERROR: Script execution failed (use -d to debug)
917 443/tcp open ssl/http syn-ack ttl 240 Microsoft IIS httpd 10.0
918 |_http-favicon: Unknown favicon MD5: 414D74DF7ACB373B46B5CE8A6C26476A
919 | http-methods:
920 |_ Supported Methods: GET HEAD POST OPTIONS
921 |_http-title: Did not follow redirect to https://posta.muhtar.gov.tr/owa
922 | ssl-cert: Subject: commonName=*.muhtar.gov.tr
923 | Subject Alternative Name: DNS:*.muhtar.gov.tr, DNS:muhtar.gov.tr
924 | Issuer: commonName=Sectigo RSA Domain Validation Secure Server CA/organizationName=Sectigo Limited/stateOrProvinceName=Greater Manchester/countryName=GB
925 | Public Key type: rsa
926 | Public Key bits: 2048
927 | Signature Algorithm: sha256WithRSAEncryption
928 | Not valid before: 2019-08-19T00:00:00
929 | Not valid after: 2021-08-20T23:59:59
930 | MD5: 074b 1af8 bfb3 bad8 ca0f 4a1d e739 83b4
931 |_SHA-1: db40 e542 c6ce feec fa61 dd16 b31c 4c0d 36af 21fc
932 |_ssl-date: 2019-10-18T01:41:18+00:00; -18s from scanner time.
933 | tls-alpn:
934 |_ http/1.1
935 OS Info: Service Info: OS: Windows; Device: load balancer; CPE: cpe:/o:microsoft:windows
936 |_clock-skew: -18s
937 Scanning ip 213.14.228.17 (mail.samsun.gov.tr.):
938 179/tcp open tcpwrapped syn-ack ttl 50
939 Scanning ip 2.58.141.133 (ns2.isay.gov.tr):
940 Scanning ip 2.58.141.132 (ns1.isay.gov.tr):
941 53/tcp open domain? syn-ack ttl 112
942 | fingerprint-strings:
943 | DNSVersionBindReqTCP:
944 | version
945 |_ bind
946 Scanning ip 213.14.228.132 (mail.isay.gov.tr (PTR)):
947 179/tcp open tcpwrapped syn-ack ttl 50
948 WebCrawling domain's web servers... up to 50 max links.
949
950 + URL to crawl: http://posta.muhtar.gov.tr
951 + Date: 2019-10-17
952
953 + Crawling URL: http://posta.muhtar.gov.tr:
954 + Links:
955 + Crawling http://posta.muhtar.gov.tr
956 + Searching for directories...
957 - Found: http://posta.muhtar.gov.tr/owa/
958 - Found: http://posta.muhtar.gov.tr/owa/auth/
959 - Found: http://posta.muhtar.gov.tr/owa/auth/15.1.1779/
960 - Found: http://posta.muhtar.gov.tr/owa/auth/15.1.1779/themes/
961 - Found: http://posta.muhtar.gov.tr/owa/auth/15.1.1779/themes/resources/
962 + Searching open folders...
963 - http://posta.muhtar.gov.tr/owa/ (No Open Folder)
964 - http://posta.muhtar.gov.tr/owa/auth/ (500 Internal Server Error)
965 - http://posta.muhtar.gov.tr/owa/auth/15.1.1779/ (500 Internal Server Error)
966 - http://posta.muhtar.gov.tr/owa/auth/15.1.1779/themes/ (500 Internal Server Error)
967 - http://posta.muhtar.gov.tr/owa/auth/15.1.1779/themes/resources/ (500 Internal Server Error)
968
969
970 + URL to crawl: https://posta.muhtar.gov.tr
971 + Date: 2019-10-17
972
973 + Crawling URL: https://posta.muhtar.gov.tr:
974 + Links:
975 + Crawling https://posta.muhtar.gov.tr
976 + Searching for directories...
977 - Found: https://posta.muhtar.gov.tr/owa/
978 - Found: https://posta.muhtar.gov.tr/owa/auth/
979 - Found: https://posta.muhtar.gov.tr/owa/auth/15.1.1779/
980 - Found: https://posta.muhtar.gov.tr/owa/auth/15.1.1779/themes/
981 - Found: https://posta.muhtar.gov.tr/owa/auth/15.1.1779/themes/resources/
982 + Searching open folders...
983 - https://posta.muhtar.gov.tr/owa/ (No Open Folder)
984 - https://posta.muhtar.gov.tr/owa/auth/ (500 Internal Server Error)
985 - https://posta.muhtar.gov.tr/owa/auth/15.1.1779/ (500 Internal Server Error)
986 - https://posta.muhtar.gov.tr/owa/auth/15.1.1779/themes/ (500 Internal Server Error)
987 - https://posta.muhtar.gov.tr/owa/auth/15.1.1779/themes/resources/ (500 Internal Server Error)
988
989--Finished--
990Summary information for domain samsun.gov.tr.
991-----------------------------------------
992
993 Domain Ips Information:
994 IP: 2.58.141.20
995 HostName: www.samsun.gov.tr. Type: A
996 Country: Turkey
997 Is Active: True (reset ttl 64)
998 Port: 80/tcp open tcpwrapped syn-ack ttl 240
999 IP: 2.58.141.17
1000 HostName: posta.muhtar.gov.tr Type: MX
1001 HostName: autodiscover.muhtar.gov.tr Type: PTR
1002 Type: SPF
1003 Country: Turkey
1004 Is Active: True (reset ttl 64)
1005 Port: 80/tcp open http syn-ack ttl 240 Citrix NetScaler httpd
1006 Script Info: | http-methods:
1007 Script Info: |_ Supported Methods: GET HEAD POST
1008 Script Info: |_http-title: Did not follow redirect to https://2.58.141.17/
1009 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
1010 Port: 443/tcp open ssl/http syn-ack ttl 240 Microsoft IIS httpd 10.0
1011 Script Info: |_http-favicon: Unknown favicon MD5: 414D74DF7ACB373B46B5CE8A6C26476A
1012 Script Info: | http-methods:
1013 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1014 Script Info: |_http-title: Did not follow redirect to https://posta.muhtar.gov.tr/owa
1015 Script Info: | ssl-cert: Subject: commonName=*.muhtar.gov.tr
1016 Script Info: | Subject Alternative Name: DNS:*.muhtar.gov.tr, DNS:muhtar.gov.tr
1017 Script Info: | Issuer: commonName=Sectigo RSA Domain Validation Secure Server CA/organizationName=Sectigo Limited/stateOrProvinceName=Greater Manchester/countryName=GB
1018 Script Info: | Public Key type: rsa
1019 Script Info: | Public Key bits: 2048
1020 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1021 Script Info: | Not valid before: 2019-08-19T00:00:00
1022 Script Info: | Not valid after: 2021-08-20T23:59:59
1023 Script Info: | MD5: 074b 1af8 bfb3 bad8 ca0f 4a1d e739 83b4
1024 Script Info: |_SHA-1: db40 e542 c6ce feec fa61 dd16 b31c 4c0d 36af 21fc
1025 Script Info: |_ssl-date: 2019-10-18T01:41:18+00:00; -18s from scanner time.
1026 Script Info: | tls-alpn:
1027 Script Info: |_ http/1.1
1028 Os Info: OS: Windows; Device: load balancer; CPE: cpe:/o:microsoft:windows
1029 Script Info: |_clock-skew: -18s
1030 IP: 213.14.228.17
1031 HostName: mail.samsun.gov.tr. Type: A
1032 Country: Turkey
1033 Is Active: True (reset ttl 64)
1034 Port: 179/tcp open tcpwrapped syn-ack ttl 50
1035 IP: 2.58.141.133
1036 HostName: ns2.isay.gov.tr Type: NS
1037 Country: Turkey
1038 Is Active: True (reset ttl 64)
1039 IP: 2.58.141.132
1040 HostName: ns1.isay.gov.tr Type: NS
1041 Country: Turkey
1042 Is Active: True (reset ttl 64)
1043 Port: 53/tcp open domain? syn-ack ttl 112
1044 Script Info: | fingerprint-strings:
1045 Script Info: | DNSVersionBindReqTCP:
1046 Script Info: | version
1047 Script Info: |_ bind
1048 IP: 213.14.228.132
1049 HostName: ns.samsun.gov.tr. Type: A
1050 HostName: smtp.samsun.gov.tr. Type: A
1051 HostName: mail.isay.gov.tr Type: PTR
1052 Country: Turkey
1053 Is Active: True (reset ttl 64)
1054 Port: 179/tcp open tcpwrapped syn-ack ttl 50
1055
1056--------------End Summary --------------
1057-----------------------------------------
1058#######################################################################################################################################
1059dnsenum VERSION:1.2.6
1060
1061----- www.samsun.gov.tr -----
1062
1063
1064Host's addresses:
1065__________________
1066
1067samsun.gov.tr. 4 IN A 2.58.141.20
1068
1069
1070Name Servers:
1071______________
1072
1073ns1.isay.gov.tr. 41165 IN A 2.58.141.132
1074ns2.isay.gov.tr. 41166 IN A 2.58.141.133
1075
1076
1077Mail (MX) Servers:
1078___________________
1079
1080posta.muhtar.gov.tr. 300 IN A 2.58.141.17
1081
1082
1083Trying Zone Transfers and getting Bind Versions:
1084_________________________________________________
1085
1086
1087Trying Zone Transfer for www.samsun.gov.tr on ns1.isay.gov.tr ...
1088
1089Trying Zone Transfer for www.samsun.gov.tr on ns2.isay.gov.tr ...
1090
1091
1092Brute forcing with /usr/share/dnsenum/dns.txt:
1093_______________________________________________
1094
1095
1096
1097www.samsun.gov.tr class C netranges:
1098_____________________________________
1099
1100
1101
1102Performing reverse lookup on 0 ip addresses:
1103_____________________________________________
1104
1105
11060 results out of 0 IP addresses.
1107
1108
1109www.samsun.gov.tr ip blocks:
1110_____________________________
1111#######################################################################################################################################
1112[*] Processing domain www.samsun.gov.tr
1113[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
1114[+] Getting nameservers
11152.58.141.132 - ns1.isay.gov.tr
11162.58.141.133 - ns2.isay.gov.tr
1117[-] Zone transfer failed
1118
1119[+] TXT records found
1120"v=spf1 ip4:2.58.141.17 mx:posta.muhtar.gov.tr ~all"
1121
1122[+] MX records found, added to target list
112310 posta.muhtar.gov.tr.
1124
1125[*] Scanning www.samsun.gov.tr for A records
11262.58.141.20 - www.samsun.gov.tr
1127#######################################################################################################################################
1128Privileges have been dropped to "nobody:nogroup" for security reasons.
1129
1130Processed queries: 0
1131Received packets: 0
1132Progress: 0.00% (00 h 00 min 00 sec / 00 h 00 min 00 sec)
1133Current incoming rate: 0 pps, average: 0 pps
1134Current success rate: 0 pps, average: 0 pps
1135Finished total: 0, success: 0 (0.00%)
1136Mismatched domains: 0 (0.00%), IDs: 0 (0.00%)
1137Failures: 0: 0.00%, 1: 0.00%, 2: 0.00%, 3: 0.00%, 4: 0.00%, 5: 0.00%, 6: 0.00%, 7: 0.00%, 8: 0.00%, 9: 0.00%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1138Response: | Success: | Total:
1139OK: | 0 ( 0.00%) | 0 ( 0.00%)
1140NXDOMAIN: | 0 ( 0.00%) | 0 ( 0.00%)
1141SERVFAIL: | 0 ( 0.00%) | 0 ( 0.00%)
1142REFUSED: | 0 ( 0.00%) | 0 ( 0.00%)
1143FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1144
1145
1146
1147Processed queries: 1919
1148Received packets: 1996
1149Progress: 100.00% (00 h 00 min 01 sec / 00 h 00 min 01 sec)
1150Current incoming rate: 1992 pps, average: 1992 pps
1151Current success rate: 1194 pps, average: 1194 pps
1152Finished total: 1197, success: 1197 (100.00%)
1153Mismatched domains: 194 (9.81%), IDs: 0 (0.00%)
1154Failures: 0: 23.39%, 1: 104.18%, 2: 28.40%, 3: 3.84%, 4: 0.50%, 5: 0.00%, 6: 0.00%, 7: 0.00%, 8: 0.00%, 9: 0.00%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1155Response: | Success: | Total:
1156OK: | 144 ( 12.03%) | 158 ( 7.99%)
1157NXDOMAIN: | 966 ( 80.70%) | 1098 ( 55.51%)
1158SERVFAIL: | 87 ( 7.27%) | 94 ( 4.75%)
1159REFUSED: | 0 ( 0.00%) | 628 ( 31.75%)
1160FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1161
1162
1163
1164Processed queries: 1919
1165Received packets: 3053
1166Progress: 100.00% (00 h 00 min 02 sec / 00 h 00 min 02 sec)
1167Current incoming rate: 1054 pps, average: 1523 pps
1168Current success rate: 552 pps, average: 873 pps
1169Finished total: 1751, success: 1751 (100.00%)
1170Mismatched domains: 519 (17.11%), IDs: 0 (0.00%)
1171Failures: 0: 15.99%, 1: 45.75%, 2: 23.87%, 3: 14.16%, 4: 7.82%, 5: 1.60%, 6: 0.40%, 7: 0.00%, 8: 0.00%, 9: 0.00%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1172Response: | Success: | Total:
1173OK: | 185 ( 10.57%) | 206 ( 6.79%)
1174NXDOMAIN: | 1452 ( 82.92%) | 1859 ( 61.29%)
1175SERVFAIL: | 114 ( 6.51%) | 130 ( 4.29%)
1176REFUSED: | 0 ( 0.00%) | 838 ( 27.63%)
1177FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1178
1179
1180
1181Processed queries: 1919
1182Received packets: 3288
1183Progress: 100.00% (00 h 00 min 03 sec / 00 h 00 min 03 sec)
1184Current incoming rate: 234 pps, average: 1093 pps
1185Current success rate: 125 pps, average: 624 pps
1186Finished total: 1877, success: 1877 (100.00%)
1187Mismatched domains: 576 (17.63%), IDs: 0 (0.00%)
1188Failures: 0: 14.92%, 1: 42.67%, 2: 22.27%, 3: 9.96%, 4: 5.81%, 5: 3.46%, 6: 1.81%, 7: 1.12%, 8: 0.16%, 9: 0.05%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1189Response: | Success: | Total:
1190OK: | 193 ( 10.28%) | 216 ( 6.61%)
1191NXDOMAIN: | 1567 ( 83.48%) | 2017 ( 61.72%)
1192SERVFAIL: | 117 ( 6.23%) | 137 ( 4.19%)
1193REFUSED: | 0 ( 0.00%) | 898 ( 27.48%)
1194FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1195
1196
1197
1198Processed queries: 1919
1199Received packets: 3359
1200Progress: 100.00% (00 h 00 min 04 sec / 00 h 00 min 04 sec)
1201Current incoming rate: 70 pps, average: 838 pps
1202Current success rate: 27 pps, average: 475 pps
1203Finished total: 1905, success: 1905 (100.00%)
1204Mismatched domains: 607 (18.18%), IDs: 0 (0.00%)
1205Failures: 0: 14.70%, 1: 42.05%, 2: 21.94%, 3: 9.82%, 4: 5.72%, 5: 2.89%, 6: 1.21%, 7: 1.26%, 8: 0.73%, 9: 0.37%, 10: 0.05%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1206Response: | Success: | Total:
1207OK: | 195 ( 10.24%) | 219 ( 6.56%)
1208NXDOMAIN: | 1593 ( 83.62%) | 2065 ( 61.84%)
1209SERVFAIL: | 117 ( 6.14%) | 142 ( 4.25%)
1210REFUSED: | 0 ( 0.00%) | 913 ( 27.34%)
1211FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1212
1213
1214
1215Processed queries: 1919
1216Received packets: 3387
1217Progress: 100.00% (00 h 00 min 05 sec / 00 h 00 min 05 sec)
1218Current incoming rate: 27 pps, average: 676 pps
1219Current success rate: 9 pps, average: 382 pps
1220Finished total: 1915, success: 1915 (100.00%)
1221Mismatched domains: 624 (18.53%), IDs: 0 (0.00%)
1222Failures: 0: 14.62%, 1: 41.83%, 2: 21.83%, 3: 9.77%, 4: 5.69%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.47%, 10: 0.16%, 11: 0.05%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1223Response: | Success: | Total:
1224OK: | 196 ( 10.23%) | 220 ( 6.53%)
1225NXDOMAIN: | 1601 ( 83.60%) | 2084 ( 61.89%)
1226SERVFAIL: | 118 ( 6.16%) | 148 ( 4.40%)
1227REFUSED: | 0 ( 0.00%) | 914 ( 27.15%)
1228FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1229
1230
1231
1232Processed queries: 1919
1233Received packets: 3404
1234Progress: 100.00% (00 h 00 min 06 sec / 00 h 00 min 06 sec)
1235Current incoming rate: 16 pps, average: 566 pps
1236Current success rate: 2 pps, average: 319 pps
1237Finished total: 1918, success: 1918 (100.00%)
1238Mismatched domains: 638 (18.85%), IDs: 0 (0.00%)
1239Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.10%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1240Response: | Success: | Total:
1241OK: | 196 ( 10.22%) | 220 ( 6.50%)
1242NXDOMAIN: | 1604 ( 83.63%) | 2094 ( 61.88%)
1243SERVFAIL: | 118 ( 6.15%) | 154 ( 4.55%)
1244REFUSED: | 0 ( 0.00%) | 915 ( 27.04%)
1245FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1246
1247
1248
1249Processed queries: 1919
1250Received packets: 3414
1251Progress: 100.00% (00 h 00 min 07 sec / 00 h 00 min 07 sec)
1252Current incoming rate: 9 pps, average: 486 pps
1253Current success rate: 0 pps, average: 273 pps
1254Finished total: 1918, success: 1918 (100.00%)
1255Mismatched domains: 648 (19.09%), IDs: 0 (0.00%)
1256Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.10%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1257Response: | Success: | Total:
1258OK: | 196 ( 10.22%) | 220 ( 6.48%)
1259NXDOMAIN: | 1604 ( 83.63%) | 2101 ( 61.90%)
1260SERVFAIL: | 118 ( 6.15%) | 157 ( 4.63%)
1261REFUSED: | 0 ( 0.00%) | 915 ( 26.96%)
1262FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1263
1264
1265
1266Processed queries: 1919
1267Received packets: 3418
1268Progress: 100.00% (00 h 00 min 08 sec / 00 h 00 min 08 sec)
1269Current incoming rate: 3 pps, average: 426 pps
1270Current success rate: 0 pps, average: 239 pps
1271Finished total: 1918, success: 1918 (100.00%)
1272Mismatched domains: 652 (19.19%), IDs: 0 (0.00%)
1273Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1274Response: | Success: | Total:
1275OK: | 196 ( 10.22%) | 220 ( 6.47%)
1276NXDOMAIN: | 1604 ( 83.63%) | 2103 ( 61.89%)
1277SERVFAIL: | 118 ( 6.15%) | 157 ( 4.62%)
1278REFUSED: | 0 ( 0.00%) | 917 ( 26.99%)
1279FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1280
1281
1282
1283Processed queries: 1919
1284Received packets: 3421
1285Progress: 100.00% (00 h 00 min 09 sec / 00 h 00 min 09 sec)
1286Current incoming rate: 2 pps, average: 379 pps
1287Current success rate: 0 pps, average: 212 pps
1288Finished total: 1918, success: 1918 (100.00%)
1289Mismatched domains: 655 (19.26%), IDs: 0 (0.00%)
1290Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.05%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1291Response: | Success: | Total:
1292OK: | 196 ( 10.22%) | 220 ( 6.47%)
1293NXDOMAIN: | 1604 ( 83.63%) | 2104 ( 61.86%)
1294SERVFAIL: | 118 ( 6.15%) | 158 ( 4.65%)
1295REFUSED: | 0 ( 0.00%) | 918 ( 26.99%)
1296FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1297
1298
1299
1300Processed queries: 1919
1301Received packets: 3423
1302Progress: 100.00% (00 h 00 min 10 sec / 00 h 00 min 10 sec)
1303Current incoming rate: 1 pps, average: 341 pps
1304Current success rate: 0 pps, average: 191 pps
1305Finished total: 1918, success: 1918 (100.00%)
1306Mismatched domains: 657 (19.31%), IDs: 0 (0.00%)
1307Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.05%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1308Response: | Success: | Total:
1309OK: | 196 ( 10.22%) | 221 ( 6.49%)
1310NXDOMAIN: | 1604 ( 83.63%) | 2104 ( 61.83%)
1311SERVFAIL: | 118 ( 6.15%) | 158 ( 4.64%)
1312REFUSED: | 0 ( 0.00%) | 918 ( 26.98%)
1313FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1314
1315
1316
1317Processed queries: 1919
1318Received packets: 3435
1319Progress: 100.00% (00 h 00 min 11 sec / 00 h 00 min 11 sec)
1320Current incoming rate: 11 pps, average: 311 pps
1321Current success rate: 0 pps, average: 174 pps
1322Finished total: 1918, success: 1918 (100.00%)
1323Mismatched domains: 669 (19.59%), IDs: 0 (0.00%)
1324Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.05%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1325Response: | Success: | Total:
1326OK: | 196 ( 10.22%) | 221 ( 6.47%)
1327NXDOMAIN: | 1604 ( 83.63%) | 2106 ( 61.67%)
1328SERVFAIL: | 118 ( 6.15%) | 166 ( 4.86%)
1329REFUSED: | 0 ( 0.00%) | 920 ( 26.94%)
1330FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1331
1332
1333
1334Processed queries: 1919
1335Received packets: 3442
1336Progress: 100.00% (00 h 00 min 12 sec / 00 h 00 min 12 sec)
1337Current incoming rate: 6 pps, average: 286 pps
1338Current success rate: 0 pps, average: 159 pps
1339Finished total: 1918, success: 1918 (100.00%)
1340Mismatched domains: 676 (19.75%), IDs: 0 (0.00%)
1341Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.05%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1342Response: | Success: | Total:
1343OK: | 196 ( 10.22%) | 221 ( 6.46%)
1344NXDOMAIN: | 1604 ( 83.63%) | 2107 ( 61.57%)
1345SERVFAIL: | 118 ( 6.15%) | 171 ( 5.00%)
1346REFUSED: | 0 ( 0.00%) | 921 ( 26.91%)
1347FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1348
1349
1350
1351Processed queries: 1919
1352Received packets: 3445
1353Progress: 100.00% (00 h 00 min 13 sec / 00 h 00 min 13 sec)
1354Current incoming rate: 2 pps, average: 264 pps
1355Current success rate: 0 pps, average: 147 pps
1356Finished total: 1918, success: 1918 (100.00%)
1357Mismatched domains: 679 (19.82%), IDs: 0 (0.00%)
1358Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.05%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1359Response: | Success: | Total:
1360OK: | 196 ( 10.22%) | 221 ( 6.45%)
1361NXDOMAIN: | 1604 ( 83.63%) | 2107 ( 61.52%)
1362SERVFAIL: | 118 ( 6.15%) | 174 ( 5.08%)
1363REFUSED: | 0 ( 0.00%) | 921 ( 26.89%)
1364FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1365
1366
1367
1368Processed queries: 1919
1369Received packets: 3453
1370Progress: 100.00% (00 h 00 min 14 sec / 00 h 00 min 14 sec)
1371Current incoming rate: 7 pps, average: 246 pps
1372Current success rate: 0 pps, average: 136 pps
1373Finished total: 1918, success: 1918 (100.00%)
1374Mismatched domains: 687 (20.01%), IDs: 0 (0.00%)
1375Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.05%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1376Response: | Success: | Total:
1377OK: | 196 ( 10.22%) | 221 ( 6.44%)
1378NXDOMAIN: | 1604 ( 83.63%) | 2107 ( 61.37%)
1379SERVFAIL: | 118 ( 6.15%) | 181 ( 5.27%)
1380REFUSED: | 0 ( 0.00%) | 922 ( 26.86%)
1381FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1382
1383
1384
1385Processed queries: 1919
1386Received packets: 3455
1387Progress: 100.00% (00 h 00 min 15 sec / 00 h 00 min 15 sec)
1388Current incoming rate: 1 pps, average: 229 pps
1389Current success rate: 0 pps, average: 127 pps
1390Finished total: 1918, success: 1918 (100.00%)
1391Mismatched domains: 689 (20.06%), IDs: 0 (0.00%)
1392Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.05%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1393Response: | Success: | Total:
1394OK: | 196 ( 10.22%) | 221 ( 6.43%)
1395NXDOMAIN: | 1604 ( 83.63%) | 2108 ( 61.37%)
1396SERVFAIL: | 118 ( 6.15%) | 181 ( 5.27%)
1397REFUSED: | 0 ( 0.00%) | 922 ( 26.84%)
1398FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1399
1400
1401
1402Processed queries: 1919
1403Received packets: 3457
1404Progress: 100.00% (00 h 00 min 16 sec / 00 h 00 min 16 sec)
1405Current incoming rate: 1 pps, average: 215 pps
1406Current success rate: 0 pps, average: 119 pps
1407Finished total: 1918, success: 1918 (100.00%)
1408Mismatched domains: 691 (20.10%), IDs: 0 (0.00%)
1409Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.05%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1410Response: | Success: | Total:
1411OK: | 196 ( 10.22%) | 221 ( 6.43%)
1412NXDOMAIN: | 1604 ( 83.63%) | 2109 ( 61.36%)
1413SERVFAIL: | 118 ( 6.15%) | 182 ( 5.30%)
1414REFUSED: | 0 ( 0.00%) | 922 ( 26.83%)
1415FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1416
1417
1418
1419Processed queries: 1919
1420Received packets: 3460
1421Progress: 100.00% (00 h 00 min 17 sec / 00 h 00 min 17 sec)
1422Current incoming rate: 2 pps, average: 203 pps
1423Current success rate: 0 pps, average: 112 pps
1424Finished total: 1918, success: 1918 (100.00%)
1425Mismatched domains: 694 (20.17%), IDs: 0 (0.00%)
1426Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.05%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1427Response: | Success: | Total:
1428OK: | 196 ( 10.22%) | 221 ( 6.42%)
1429NXDOMAIN: | 1604 ( 83.63%) | 2109 ( 61.31%)
1430SERVFAIL: | 118 ( 6.15%) | 183 ( 5.32%)
1431REFUSED: | 0 ( 0.00%) | 924 ( 26.86%)
1432FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1433
1434
1435
1436Processed queries: 1919
1437Received packets: 3461
1438Progress: 100.00% (00 h 00 min 18 sec / 00 h 00 min 18 sec)
1439Current incoming rate: 0 pps, average: 191 pps
1440Current success rate: 0 pps, average: 106 pps
1441Finished total: 1918, success: 1918 (100.00%)
1442Mismatched domains: 695 (20.20%), IDs: 0 (0.00%)
1443Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.05%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1444Response: | Success: | Total:
1445OK: | 196 ( 10.22%) | 221 ( 6.42%)
1446NXDOMAIN: | 1604 ( 83.63%) | 2109 ( 61.29%)
1447SERVFAIL: | 118 ( 6.15%) | 183 ( 5.32%)
1448REFUSED: | 0 ( 0.00%) | 924 ( 26.85%)
1449FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1450
1451
1452
1453Processed queries: 1919
1454Received packets: 3463
1455Progress: 100.00% (00 h 00 min 19 sec / 00 h 00 min 19 sec)
1456Current incoming rate: 1 pps, average: 181 pps
1457Current success rate: 0 pps, average: 100 pps
1458Finished total: 1918, success: 1918 (100.00%)
1459Mismatched domains: 697 (20.24%), IDs: 0 (0.00%)
1460Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.05%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1461Response: | Success: | Total:
1462OK: | 196 ( 10.22%) | 221 ( 6.42%)
1463NXDOMAIN: | 1604 ( 83.63%) | 2109 ( 61.25%)
1464SERVFAIL: | 118 ( 6.15%) | 183 ( 5.32%)
1465REFUSED: | 0 ( 0.00%) | 926 ( 26.90%)
1466FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1467
1468
1469
1470Processed queries: 1919
1471Received packets: 3466
1472Progress: 100.00% (00 h 00 min 20 sec / 00 h 00 min 20 sec)
1473Current incoming rate: 2 pps, average: 172 pps
1474Current success rate: 0 pps, average: 95 pps
1475Finished total: 1918, success: 1918 (100.00%)
1476Mismatched domains: 700 (20.31%), IDs: 0 (0.00%)
1477Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.05%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1478Response: | Success: | Total:
1479OK: | 196 ( 10.22%) | 221 ( 6.41%)
1480NXDOMAIN: | 1604 ( 83.63%) | 2110 ( 61.23%)
1481SERVFAIL: | 118 ( 6.15%) | 184 ( 5.34%)
1482REFUSED: | 0 ( 0.00%) | 927 ( 26.90%)
1483FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1484
1485
1486
1487Processed queries: 1919
1488Received packets: 3470
1489Progress: 100.00% (00 h 00 min 21 sec / 00 h 00 min 21 sec)
1490Current incoming rate: 3 pps, average: 164 pps
1491Current success rate: 0 pps, average: 91 pps
1492Finished total: 1918, success: 1918 (100.00%)
1493Mismatched domains: 704 (20.41%), IDs: 0 (0.00%)
1494Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.05%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1495Response: | Success: | Total:
1496OK: | 196 ( 10.22%) | 222 ( 6.43%)
1497NXDOMAIN: | 1604 ( 83.63%) | 2112 ( 61.22%)
1498SERVFAIL: | 118 ( 6.15%) | 185 ( 5.36%)
1499REFUSED: | 0 ( 0.00%) | 927 ( 26.87%)
1500FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1501
1502
1503
1504Processed queries: 1919
1505Received packets: 3476
1506Progress: 100.00% (00 h 00 min 22 sec / 00 h 00 min 22 sec)
1507Current incoming rate: 5 pps, average: 157 pps
1508Current success rate: 0 pps, average: 87 pps
1509Finished total: 1918, success: 1918 (100.00%)
1510Mismatched domains: 710 (20.54%), IDs: 0 (0.00%)
1511Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.05%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1512Response: | Success: | Total:
1513OK: | 196 ( 10.22%) | 222 ( 6.42%)
1514NXDOMAIN: | 1604 ( 83.63%) | 2116 ( 61.23%)
1515SERVFAIL: | 118 ( 6.15%) | 185 ( 5.35%)
1516REFUSED: | 0 ( 0.00%) | 929 ( 26.88%)
1517FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1518
1519
1520
1521Processed queries: 1919
1522Received packets: 3481
1523Progress: 100.00% (00 h 00 min 23 sec / 00 h 00 min 23 sec)
1524Current incoming rate: 4 pps, average: 151 pps
1525Current success rate: 0 pps, average: 83 pps
1526Finished total: 1918, success: 1918 (100.00%)
1527Mismatched domains: 715 (20.66%), IDs: 0 (0.00%)
1528Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.05%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1529Response: | Success: | Total:
1530OK: | 196 ( 10.22%) | 222 ( 6.41%)
1531NXDOMAIN: | 1604 ( 83.63%) | 2117 ( 61.17%)
1532SERVFAIL: | 118 ( 6.15%) | 187 ( 5.40%)
1533REFUSED: | 0 ( 0.00%) | 931 ( 26.90%)
1534FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1535
1536
1537
1538Processed queries: 1919
1539Received packets: 3484
1540Progress: 100.00% (00 h 00 min 24 sec / 00 h 00 min 24 sec)
1541Current incoming rate: 2 pps, average: 144 pps
1542Current success rate: 0 pps, average: 79 pps
1543Finished total: 1918, success: 1918 (100.00%)
1544Mismatched domains: 718 (20.73%), IDs: 0 (0.00%)
1545Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.05%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1546Response: | Success: | Total:
1547OK: | 196 ( 10.22%) | 222 ( 6.41%)
1548NXDOMAIN: | 1604 ( 83.63%) | 2118 ( 61.14%)
1549SERVFAIL: | 118 ( 6.15%) | 187 ( 5.40%)
1550REFUSED: | 0 ( 0.00%) | 933 ( 26.93%)
1551FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1552
1553
1554
1555Processed queries: 1919
1556Received packets: 3489
1557Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
1558Current incoming rate: 4 pps, average: 139 pps
1559Current success rate: 0 pps, average: 76 pps
1560Finished total: 1918, success: 1918 (100.00%)
1561Mismatched domains: 723 (20.84%), IDs: 0 (0.00%)
1562Failures: 0: 14.60%, 1: 41.76%, 2: 21.79%, 3: 9.75%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.05%, 50: 0.00%,
1563Response: | Success: | Total:
1564OK: | 196 ( 10.22%) | 222 ( 6.40%)
1565NXDOMAIN: | 1604 ( 83.63%) | 2120 ( 61.11%)
1566SERVFAIL: | 118 ( 6.15%) | 187 ( 5.39%)
1567REFUSED: | 0 ( 0.00%) | 936 ( 26.98%)
1568FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1569
1570
1571
1572Processed queries: 1919
1573Received packets: 3489
1574Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
1575Current incoming rate: 0 pps, average: 138 pps
1576Current success rate: 0 pps, average: 76 pps
1577Finished total: 1919, success: 1918 (99.95%)
1578Mismatched domains: 723 (20.84%), IDs: 0 (0.00%)
1579Failures: 0: 14.59%, 1: 41.74%, 2: 21.78%, 3: 9.74%, 4: 5.68%, 5: 2.87%, 6: 1.20%, 7: 1.15%, 8: 0.52%, 9: 0.42%, 10: 0.16%, 11: 0.05%, 12: 0.00%, 13: 0.05%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.05%,
1580Response: | Success: | Total:
1581OK: | 196 ( 10.22%) | 222 ( 6.40%)
1582NXDOMAIN: | 1604 ( 83.63%) | 2120 ( 61.11%)
1583SERVFAIL: | 118 ( 6.15%) | 187 ( 5.39%)
1584REFUSED: | 0 ( 0.00%) | 936 ( 26.98%)
1585FORMERR: | 0 ( 0.00%) | 1 ( 0.03%)
1586www.samsun.gov.tr
1587samsun.gov.tr.
1588######################################################################################################################################
1589[*] Found SPF record:
1590[*] v=spf1 ip4:2.58.141.17 mx:posta.muhtar.gov.tr ~all
1591[*] SPF record contains an All item: ~all
1592[*] No DMARC record found. Looking for organizational record
1593[+] No organizational DMARC record
1594[+] Spoofing possible for www.samsun.gov.tr!
1595#######################################################################################################################################
1596INFO[0000] Starting to process queue....
1597INFO[0000] Starting to process permutations....
1598INFO[0000] FORBIDDEN http://samsun.s3.amazonaws.com (http://samsun.gov.tr)
1599######################################################################################################################################
1600Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-17 22:23 EDT
1601Nmap scan report for www.samsun.gov.tr (2.58.141.20)
1602Host is up (0.28s latency).
1603Not shown: 995 filtered ports, 4 closed ports
1604Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1605PORT STATE SERVICE
160680/tcp open http
1607
1608Nmap done: 1 IP address (1 host up) scanned in 497.48 seconds
1609#######################################################################################################################################
1610Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-17 22:31 EDT
1611Nmap scan report for www.samsun.gov.tr (2.58.141.20)
1612Host is up (0.20s latency).
1613Not shown: 2 filtered ports
1614PORT STATE SERVICE
161553/udp open|filtered domain
161667/udp open|filtered dhcps
161768/udp open|filtered dhcpc
161869/udp open|filtered tftp
161988/udp open|filtered kerberos-sec
1620123/udp open|filtered ntp
1621139/udp open|filtered netbios-ssn
1622161/udp open|filtered snmp
1623162/udp open|filtered snmptrap
1624389/udp open|filtered ldap
1625500/udp open|filtered isakmp
1626520/udp open|filtered route
16272049/udp open|filtered nfs
1628
1629Nmap done: 1 IP address (1 host up) scanned in 5.18 seconds
1630#######################################################################################################################################
1631HTTP/1.1 200 OK
1632Cache-Control: private, no-store, max-age=180
1633X-Via-NSCOPI: 1.0
1634Transfer-Encoding: chunked
1635Content-Type: text/html; charset=utf-8
1636Expires: Fri, 18 Oct 2019 02:35:04 GMT
1637Last-Modified: Fri, 18 Oct 2019 02:32:04 GMT
1638Vary: *
1639Server: Microsoft-IIS/10.0
1640Set-Cookie: ASP.NET_SessionId=ngt2tkvut2tbbk4aliylooly; path=/; HttpOnly
1641X-AspNetMvc-Version: 5.2
1642X-AspNet-Version: 4.0.30319
1643X-Powered-By: ASP.NET
1644Date: Fri, 18 Oct 2019 02:32:04 GMT
1645Set-Cookie: NSC_ESNS=80f845e3-2412-1da9-9678-ba8b1843e7c4_0889843877_3055873586_00000000006458343761; Path=/; Expires=Fri, 18-Oct-2019 02:32:19 GMT
1646Cache-Control: no-cache
1647
1648Allow: OPTIONS, TRACE, GET, HEAD, POST
1649#######################################################################################################################################
1650//
1651application/json
1652/Areas/WebPart/Contents/NewsList/css/news-section.css
1653/Areas/WebPart/Contents/NewsList/js/newsList.js
1654/Areas/WebPart/Contents/ValilikHeader/css/v1header.css
1655/Areas/WebPart/Contents/ValilikHeader/js/v1header.js
1656/Areas/WebPart/Contents/ValilikHeader/svg/
1657background:#EEE url(/Content/Common/min-ie9-img.png) center no-repeat; position:absolute; left:0; right:0; bottom:0; top:0; z-index:100000;
1658/clm10
1659<div class='navbar-header'>T.C. Samsun Valiliği<i class='icon-close'></i></div>
1660<div class='navbar-search'><div class='input-group'><div class='input-group-prepend'><span class='input-group-text'><i class='icon-search'></i></span></div><input class='form-control' type='text' placeholder='Aramak istediğiniz kelimeyi yazınız.'/><div class='input-group-append'><span class='input-group-text'>Ara</span></div></div></div>
1661https://fonts.googleapis.com/css?family=Roboto&subset=latin-ext
1662https://twitter.com/osmankaymk
1663https://www.e-icisleri.gov.tr/GeneleAcikSayfalar/YatirimTakipSistemi/IlYatirimListHarita.aspx?Province=yE3gaC|Rk1U2TSSFKgeV4w==
1664https://www.instagram.com/osmankaymk/
1665https://www.samsun2019.com.tr
1666http://www.acikkapi.gov.tr/
1667http://www.samsun.gov.tr
1668http://www.w3.org/1999/xlink
1669/Icerik/css?v=OPZ4yxrNaPzWEKRih6_2ceq24FELJMoiJoh8-0CrrSQ1
1670/Icerik/js?v=uLMxMUc6UuRCtKybZUqZ9KZ-dGQSbwHKMsCpdNF6jMA1
1671/ISAYWebPart/Announcement/AnnouncementDahaFazlaYukle
1672/ISAYWebPart/Announcement/AnnouncementFilter
1673/ISAYWebPart/CityMap/HaritaDetay
1674/ISAYWebPart/FSlider/FSliderContent
1675/ISAYWebPart/ValilikHeader/GetHavaDurumu
1676/ISAYWebPart/ValilikHeader/IlHaritaGetir
1677text/css
1678/WebPart/Announcement-css?v=bey2yifbJmazQt0Hi_Ub2ftdwRNKVhvHZyuEbR-0Srs1
1679/WebPart/Announcement-js?v=fIodgeyNcMRqM_tjuJUlrNwxdIwPNvr5_MrFL-QCLPg1
1680/WebPart/CityArticles-css?v=suZ4zguppJ45mb0kuaIDxMJv7RB2ErDOSP-4l8GF2Ww1
1681/WebPart/CityArticles-js?v=1zSRaAV9-FuY-AKSYvnOvrdADJONrf_opv0Bf0EHKu01
1682/WebPart/CityMap-css?v=25klCQq1C1XNV7_yQJzIS040RmdcV09DDvfb1yQy52k1
1683/WebPart/CityMap-js?v=9BD103H36WUsHBF2WPQO1pcxvCRSM9xbcoH_QeJZLRM1
1684/WebPart/ContactUs-css?v=dGg8P1MguLAXsmX9lENh3xES4CL4dADkG_qxoFhgXjw1
1685/WebPart/ContactUs-js?v=yzJ0zf1YW9SycIkbEvs7RUMDdu7rxYHbCB-aedJyQrQ1
1686/WebPart/FLogo-css?v=u0L_XkqncfCYSi2ONHkXcHYbx2YCtmTO1PbuJwLug101
1687/WebPart/FLogo-js?v=00MJMa-8LWWF2n0KTFO76YdfhXszRXJZy-Hs0hZ3Ln41
1688/WebPart/FooterValilik-css?v=MSC2DB4BLBOrjcOUaqwI9t5xILSggNOOi9bdsHck8I01
1689/WebPart/FooterValilik-js?v=7nvH51TI2yKy-M_-4mWAsWHP0TRcY02lXP2h3mkBknI1
1690/WebPart/FSlider-css?v=RSZigIGfhKaohuGGo4LqrvXh_b3mofobziyJ2PMis0Y1
1691/WebPart/FSlider-js?v=_WH9MU17HEz_sVAZ1L-cV4usC7ovrpnpwNV7wBJFqUQ1
1692/WebPart/GovernorInfo-css?v=-NvfLCbU8aRWPUMgzap4PTlrHfjNEx-rIWNqAJuUw1M1
1693/WebPart/GovernorInfo-js?v=zVHfKTo6TKyvG9BQD8z4wbe7WhkvozSKCnJ00GRuZeA1
1694/WebPart/section-header-css?v=8-IxQ3JeR7j48t5eivgCqrGjQ9UFd3ROcpaNsNBlZJ41
1695/WebPart/SliderNews-css?v=Mm1HEGI3OIMFeTkKqrHV0Jb8ddKVAuOKEw3m38xP2sg1
1696/WebPart/SliderNews-js?v=QkM7Y48_NK6nEgL-fgWaT_oaurhfqfKjifnW1JyfnQI1
1697/WebPart/webPartBaslik-js?v=igef0hxTL4LW1vZeTrMF0RUZVjMtDnqpnM3LJPjNz1w1
1698//www.samsun.gov.tr/19-mayis-kaymakamligi
1699//www.samsun.gov.tr/alacam-kaymakamligi
1700//www.samsun.gov.tr/asarcik-kaymakamligi
1701//www.samsun.gov.tr/atakum-kaymakamligi
1702//www.samsun.gov.tr/ayvacik-kaymakamligi
1703//www.samsun.gov.tr/bafra-kaymakamligi
1704//www.samsun.gov.tr/bilgi-islem-sube-mudurlugu1
1705//www.samsun.gov.tr/canik-kaymakamligi
1706//www.samsun.gov.tr/carsamba-kaymakamligi
1707//www.samsun.gov.tr/dosyalar
1708//www.samsun.gov.tr/duyurular
1709//www.samsun.gov.tr/etik-kurulu
1710//www.samsun.gov.tr/haberler
1711//www.samsun.gov.tr/hasan-balci
1712//www.samsun.gov.tr/havza-kaymakamligi
1713//www.samsun.gov.tr/hukuk-isleri-sube-mudurlugu1
1714//www.samsun.gov.tr/hukumet-konagi-tarihcesi
1715//www.samsun.gov.tr/ibrahim-avci
1716//www.samsun.gov.tr/idare-ve-denetim-mudurlugu
1717//www.samsun.gov.tr/idari-hizmetler-sube-mudurlugu1
1718//www.samsun.gov.tr/il-basin-ve-halkla-iliskiler-mudurlugu1
1719//www.samsun.gov.tr/ilcelerimiz
1720//www.samsun.gov.tr/iletisim2
1721//www.samsun.gov.tr/il-idare-kurulu-mudurlugu1
1722//www.samsun.gov.tr/ilkadim-kaymakamligi
1723//www.samsun.gov.tr/il-planlama-ve-koordinasyon-mudurlugu1
1724//www.samsun.gov.tr/il-sosyal-etut-ve-proje-mudurlugu1
1725//www.samsun.gov.tr/il-yazi-isleri-mudurlugu11
1726//www.samsun.gov.tr/kamu-hizmet-standartlari-indirme-sayfasi
1727//www.samsun.gov.tr/kavak-kaymakamligi
1728//www.samsun.gov.tr/kurumsal-kimlik
1729//www.samsun.gov.tr/ladik-kaymakamligi
1730//www.samsun.gov.tr/mehmet-aktas
1731//www.samsun.gov.tr/ozel-kalem-mudurlugu1
1732//www.samsun.gov.tr/protokol-listesi
1733//www.samsun.gov.tr/protokol-sube-mudurlugu1
1734//www.samsun.gov.tr/salipazari-kaymakamligi
1735//www.samsun.gov.tr/samsun-112-acil-cagri-merkezi-mudurlugu
1736//www.samsun.gov.tr/samsun-cevre-ve-sehircilik-il-mudurlugu
1737//www.samsun.gov.tr/samsun-defterdarligi
1738//www.samsun.gov.tr/samsun-il-emniyet-mudurlugu
1739//www.samsun.gov.tr/samsun-il-jandarma-komutanligi
1740//www.samsun.gov.tr/samsun-il-kultur-ve-turizm-mudurlugu
1741//www.samsun.gov.tr/samsun-il-milli-egitim-mudurlugu
1742//www.samsun.gov.tr/samsun-il-saglik-mudurlugu
1743//www.samsun.gov.tr/samsun-sanayi-ve-teknoloji-il-mudurlugu
1744//www.samsun.gov.tr/samsun-sosyal-guvenlik-il-mudurlugu
1745//www.samsun.gov.tr/samsun-ticaret-il-mudurlugu
1746//www.samsun.gov.tr/samsun-vergi-dairesi-baskanligi
1747//www.samsun.gov.tr/sehrimiz
1748//www.samsun.gov.tr/tekkekoy-kaymakamligi
1749//www.samsun.gov.tr/terme-kaymakamligi
1750//www.samsun.gov.tr/validen-haberler
1751//www.samsun.gov.tr/vali-sn-osman-kaymak
1752//www.samsun.gov.tr/vali-yrd-hasan-ozturk
1753//www.samsun.gov.tr/vali-yrd-sn-sezgin-ucuncu
1754//www.samsun.gov.tr/vezirkopru-kaymakamligi
1755//www.samsun.gov.tr/yoneticilerimiz
1756######################################################################################################################################
1757http://www.samsun.gov.tr [200 OK] ASP_NET[4.0.30319][MVC5.2], Citrix-NetScaler, Cookies[ASP.NET_SessionId,NSC_ESNS], Country[UKRAINE][UA], Email[valilik@samsun.gov.tr], HTML5, HTTPServer[Microsoft-IIS/10.0], HttpOnly[ASP.NET_SessionId], IP[2.58.141.20], Meta-Author[T.C. SAMSUN VALİLİĞİ BİLGİ İŞLEM ŞUBE MÜDÜRLÜĞÜ], Microsoft-IIS[10.0], Script[text/javascript], Title[T.C. SAMSUN VALİLİĞİ], UncommonHeaders[x-aspnetmvc-version,x-via-nscopi], X-Powered-By[ASP.NET], X-UA-Compatible[IE=edge]
1758######################################################################################################################################
1759
1760wig - WebApp Information Gatherer
1761
1762
1763Scanning http://www.samsun.gov.tr...
1764__________________________ SITE INFO ___________________________
1765IP Title
17662.58.141.20 T.C. SAMSUN VALİLİĞİ
1767
1768___________________________ VERSION ____________________________
1769Name Versions Type
1770ASP.NET 4.0.30319 Platform
1771IIS 10.0 Platform
1772
1773_________________________ INTERESTING __________________________
1774URL Note Type
1775/robots.txt robots.txt index Interesting
1776/changelog.aspx ChangeLog text file Interesting
1777/readme.aspx Readme file Interesting
1778/install.aspx Installation file Interesting
1779/test.aspx Test file Interesting
1780/test1.aspx Test file Interesting
1781/test/ Test directory Interesting
1782/old.aspx This might be interesting Interesting
1783/old/ This might be interesting Interesting
1784/sql/ This might be interesting Interesting
1785/login.aspx Login Page Interesting
1786
1787________________________________________________________________
1788Time: 1136.4 sec Urls: 631 Fingerprints: 40401
1789#######################################################################################################################################
1790Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-17 22:51 EDT
1791NSE: Loaded 163 scripts for scanning.
1792NSE: Script Pre-scanning.
1793Initiating NSE at 22:51
1794Completed NSE at 22:51, 0.00s elapsed
1795Initiating NSE at 22:51
1796Completed NSE at 22:51, 0.00s elapsed
1797Initiating Parallel DNS resolution of 1 host. at 22:51
1798Completed Parallel DNS resolution of 1 host. at 22:51, 0.02s elapsed
1799Initiating SYN Stealth Scan at 22:51
1800Scanning www.samsun.gov.tr (2.58.141.20) [1 port]
1801Discovered open port 80/tcp on 2.58.141.20
1802Completed SYN Stealth Scan at 22:51, 0.27s elapsed (1 total ports)
1803Initiating Service scan at 22:51
1804Scanning 1 service on www.samsun.gov.tr (2.58.141.20)
1805Completed Service scan at 22:51, 6.42s elapsed (1 service on 1 host)
1806Initiating OS detection (try #1) against www.samsun.gov.tr (2.58.141.20)
1807Retrying OS detection (try #2) against www.samsun.gov.tr (2.58.141.20)
1808Initiating Traceroute at 22:51
1809Completed Traceroute at 22:51, 3.01s elapsed
1810Initiating Parallel DNS resolution of 8 hosts. at 22:51
1811Completed Parallel DNS resolution of 8 hosts. at 22:51, 0.42s elapsed
1812NSE: Script scanning 2.58.141.20.
1813Initiating NSE at 22:51
1814Stats: 0:02:57 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
1815NSE: Active NSE Script Threads: 6 (5 waiting)
1816NSE Timing: About 98.02% done; ETC: 22:54 (0:00:03 remaining)
1817Completed NSE at 22:57, 335.64s elapsed
1818Initiating NSE at 22:57
1819Completed NSE at 22:57, 1.64s elapsed
1820Nmap scan report for www.samsun.gov.tr (2.58.141.20)
1821Host is up (0.22s latency).
1822
1823PORT STATE SERVICE VERSION
182480/tcp open http Microsoft IIS httpd 8.5
1825| http-brute:
1826|_ Path "/" does not require authentication
1827|_http-chrono: Request times for /; avg: 3745.24ms; min: 2988.07ms; max: 4730.20ms
1828|_http-csrf: Couldn't find any CSRF vulnerabilities.
1829|_http-date: Fri, 18 Oct 2019 02:52:02 GMT; -3s from local time.
1830|_http-devframework: ASP.NET detected. Found related header.
1831|_http-dombased-xss: Couldn't find any DOM based XSS.
1832|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1833|_http-errors: Couldn't find any error pages.
1834|_http-feed: Couldn't find any feeds.
1835|_http-fetch: Please enter the complete path of the directory to save data in.
1836| http-grep:
1837| (2) http://www.samsun.gov.tr:80/:
1838| (1) ip:
1839| + 10.0.100.85
1840| (1) email:
1841| + valilik@samsun.gov.tr
1842| (1) http://www.samsun.gov.tr:80/bilgi-islem-sube-mudurlugu1:
1843| (1) email:
1844| + bilgiislem@samsun.gov.tr
1845| (1) http://www.samsun.gov.tr:80/yikob:
1846| (1) email:
1847| + bilgi@samsunyikob.gov.tr
1848| (1) http://www.samsun.gov.tr:80/samsun-ticaret-il-mudurlugu:
1849| (1) email:
1850|_ + samsun.tim@ticaret.gov.tr
1851| http-headers:
1852| Cache-Control: private, no-store, max-age=180
1853| X-Via-NSCOPI: 1.0
1854| Transfer-Encoding: chunked
1855| Content-Type: text/html; charset=utf-8
1856| Expires: Fri, 18 Oct 2019 02:55:02 GMT
1857| Last-Modified: Fri, 18 Oct 2019 02:52:02 GMT
1858| Vary: *
1859| Server: Microsoft-IIS/10.0
1860| Set-Cookie: ASP.NET_SessionId=xuuc1qyrf30qyxcc4tc3xw1f; path=/; HttpOnly
1861| X-AspNetMvc-Version: 5.2
1862| X-AspNet-Version: 4.0.30319
1863| X-Powered-By: ASP.NET
1864| Date: Fri, 18 Oct 2019 02:52:02 GMT
1865| Set-Cookie: NSC_ESNS=80d32581-28bf-1da9-9678-ba8b1843e7c4_3963737624_1869386294_00000000019340508528; Path=/; Expires=Fri, 18-Oct-2019 02:52:17 GMT
1866| Cache-Control: no-cache
1867|
1868|_ (Request type: HEAD)
1869|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1870| http-methods:
1871| Supported Methods: OPTIONS TRACE GET HEAD POST
1872|_ Potentially risky methods: TRACE
1873|_http-mobileversion-checker: No mobile version detected.
1874| http-php-version: Logo query returned unknown hash ad002f72a4c8f57f774bff54a70788d3
1875|_Credits query returned unknown hash 0d4398e48322fba3de44ec69c8588901
1876| http-robots.txt: 5 disallowed entries
1877| /kullanicilar /ortak_icerik /kurumlar /Kurumlar
1878|_/Kullanicilar
1879| http-security-headers:
1880| Cache_Control:
1881| Header: Cache-Control: private, no-store, max-age=180, no-cache
1882| Expires:
1883|_ Header: Expires: Fri, 18 Oct 2019 02:55:12 GMT
1884| http-server-header:
1885| Microsoft-IIS/10.0
1886|_ Microsoft-IIS/8.5
1887| http-sitemap-generator:
1888| Directory structure:
1889| /
1890| Other: 15
1891| /WebPart/
1892| Other: 2
1893| /kurumlar/isay.gov.tr/Valilik/
1894| png: 3
1895| Longest directory structure:
1896| Depth: 3
1897| Dir: /kurumlar/isay.gov.tr/Valilik/
1898| Total files found (by extension):
1899|_ Other: 17; png: 3
1900|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1901|_http-title: T.C. SAMSUN VAL\xC4\xB0L\xC4\xB0\xC4\x9E\xC4\xB0
1902| http-traceroute:
1903| last-modified
1904| Hop #1: Fri, 18 Oct 2019 02:52:02 GMT
1905| Hop #2: Fri, 18 Oct 2019 02:52:05 GMT
1906|_ Hop #3: Fri, 18 Oct 2019 02:52:07 GMT
1907| http-vhosts:
1908| ns0.samsun.gov.tr
1909| mail3.samsun.gov.tr
1910| www.samsun.gov.tr : 200
1911|_124 names had status 302
1912|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
1913| http-waf-fingerprint:
1914| Detected WAF
1915|_ Citrix Netscaler
1916|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
1917|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1918|_http-xssed: No previously reported XSS vuln.
1919| vulscan: VulDB - https://vuldb.com:
1920| [68193] Microsoft IIS 8.0/8.5 IP and Domain Restriction privilege escalation
1921| [48519] Microsoft Works 8.5/9.0 memory corruption
1922| [45763] Microsoft Windows Live Messenger up to 8.5.1 unknown vulnerability
1923| [141563] Microsoft Windows up to RT 8.1 Remote Desktop privilege escalation
1924| [141562] Microsoft Windows up to RT 8.1 Remote Desktop privilege escalation
1925| [134730] Microsoft Skype 8.35 on Android Bluetooth Listening information disclosure
1926| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
1927| [126799] Microsoft Dynamics 365 8 Web Request Code Execution
1928| [126798] Microsoft Dynamics 365 8 Web Request cross site scripting
1929| [126797] Microsoft Dynamics 365 8 Web Request cross site scripting
1930| [126796] Microsoft Dynamics 365 8 Web Request cross site scripting
1931| [126795] Microsoft Dynamics 365 8 Web Request cross site scripting
1932| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
1933| [121108] Microsoft Mail Client 8.1 information disclosure
1934| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
1935| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
1936| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
1937| [100989] Microsoft Internet Explorer 8/9/10/11 memory corruption
1938| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
1939| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
1940| [93988] Microsoft Desktop Client for Mac up to 8.0.36 privilege escalation
1941| [93755] Microsoft Internet Explorer 8 Ls\xC2\xADFind\xC2\xADSpan\xC2\xADVisual\xC2\xADBoundaries memory corruption
1942| [93535] Microsoft Internet Explorer 8/9/10/11 Regex vbscript.dll RegExpComp::PnodeParse memory corruption
1943| [93386] Microsoft Windows Vista SP2/7 SP1/8.1/RT 8.1/10 Video Control memory corruption
1944| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
1945| [92585] Microsoft Windows Vista SP2/7 SP1/8.1/RT 8.1/10 Video Control privilege escalation
1946| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
1947| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
1948| [91559] Microsoft Windows 8.1/10/RT 8.1 NTLM SSO information disclosure
1949| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
1950| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
1951| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
1952| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
1953| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
1954| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
1955| [87155] Microsoft Windows Vista SP2/7/8.1/RT 8.1/10 Journal memory corruption
1956| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
1957| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
1958| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
1959| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
1960| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
1961| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
1962| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
1963| [80844] Microsoft Internet Explorer 8/9/10/11 MSHTML MSHTML!Method_VARIANTBOOLp_BSTR_o0oVARIANT memory corruption
1964| [80209] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript memory corruption
1965| [79462] Microsoft Internet Explorer 8/9/10/11 memory corruption
1966| [79460] Microsoft Internet Explorer 8/9 memory corruption
1967| [79458] Microsoft Internet Explorer 8/9 memory corruption
1968| [79457] Microsoft Internet Explorer 8/9 memory corruption
1969| [79455] Microsoft Internet Explorer 8/9/10/11 XSS Filter privilege escalation
1970| [79449] Microsoft Internet Explorer 8/9/10/11 XSS Filter privilege escalation
1971| [79448] Microsoft Internet Explorer 8/9/10/11 Scripting Engine memory corruption
1972| [79447] Microsoft Internet Explorer 8/9/10/11 Scripting Engine information disclosure
1973| [79445] Microsoft Internet Explorer 8/9/10/11 memory corruption
1974| [79162] Microsoft Internet Explorer 8/9/10/11 Scripting Engine memory corruption
1975| [79155] Microsoft Internet Explorer 8/9/10/11 memory corruption
1976| [79143] Microsoft Internet Explorer 8/9/10/11 memory corruption
1977| [78390] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine information disclosure
1978| [78386] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine memory corruption
1979| [78384] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine ASLR privilege escalation
1980| [78379] Microsoft Internet Explorer 8/9/10/11 EditWith Broker privilege escalation
1981| [78377] Microsoft Internet Explorer 8 privilege escalation
1982| [78362] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine RegExpBase::FBadHeader memory corruption
1983| [77605] Microsoft Internet Explorer 8 VBScript/JScript Engine memory corruption
1984| [77006] Microsoft Internet Explorer 8/9/10/11 memory corruption
1985| [77004] Microsoft Internet Explorer 8/9/10/11 memory corruption
1986| [76490] Microsoft Internet Explorer 8/9/10/11 Image Caching History information disclosure
1987| [76482] Microsoft Internet Explorer 8 memory corruption
1988| [76479] Microsoft Internet Explorer 8/9/10/11 XSS Filter cross site scripting
1989| [76474] Microsoft Internet Explorer 8/9 memory corruption
1990| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
1991| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
1992| [76437] Microsoft Internet Explorer 8/9 memory corruption
1993| [75780] Microsoft Internet Explorer 8 memory corruption
1994| [75707] Cisco Unified MeetingPlace for Microsoft Outlook 8.6(1.2)/ 8.6(1.9) cross site scripting
1995| [75322] Microsoft Internet Explorer 8/9 memory corruption
1996| [75319] Microsoft Internet Explorer 8/9/10/11 memory corruption
1997| [75311] Microsoft Internet Explorer 8/9 memory corruption
1998| [75308] Microsoft Internet Explorer 8/9/10/11 VBscript and JScript Engine privilege escalation
1999| [75306] Microsoft Internet Explorer 8/9/10/11 VBScript Engine privilege escalation
2000| [74856] Microsoft Internet Explorer 8/9/10/11 memory corruption
2001| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
2002| [73946] Microsoft Internet Explorer 8/9/10/11 memory corruption
2003| [73943] Microsoft Internet Explorer 8 memory corruption
2004| [73939] Microsoft Internet Explorer 8/9/10/11 VBScript Engine memory corruption
2005| [69137] Microsoft Internet Explorer 8 ASLR privilege escalation
2006| [69136] Microsoft Internet Explorer 8/9 MSHTML SpanQualifier memory corruption
2007| [69135] Microsoft Internet Explorer 8/10 memory corruption
2008| [69131] Microsoft Internet Explorer 8/9 memory corruption
2009| [69130] Microsoft Internet Explorer 8/9/10/11 memory corruption
2010| [68400] Microsoft Internet Explorer 8 memory corruption
2011| [68393] Microsoft Internet Explorer 8/9/10/11 XSS Filter cross site scripting
2012| [68389] Microsoft Internet Explorer 8/9/10/11 XSS Filter cross site scripting
2013| [68181] Microsoft Internet Explorer 8/9/10/11 memory corruption
2014| [68176] Microsoft Internet Explorer 8/9/10/11 information disclosure
2015| [68174] Microsoft Internet Explorer 8/9 memory corruption
2016| [68169] Microsoft Internet Explorer 8/9 ASLR privilege escalation
2017| [68211] Microsoft Internet Explorer 8/9/10/11 denial of service
2018| [67821] Microsoft Internet Explorer 8/9/10/11 CAttrArray memory corruption
2019| [67813] Microsoft Internet Explorer 8 memory corruption
2020| [67500] Microsoft Internet Explorer 8/9/10/11 memory corruption
2021| [67494] Microsoft Internet Explorer 8/9/10/11 memory corruption
2022| [67345] Microsoft Internet Explorer 8/9/10/11 memory corruption
2023| [67340] Microsoft Internet Explorer 8 memory corruption
2024| [67337] Microsoft Internet Explorer 8/9 memory corruption
2025| [67007] Microsoft Internet Explorer 8/9/10/11 memory corruption
2026| [67006] Microsoft Internet Explorer 8/9/10 memory corruption
2027| [67002] Microsoft Internet Explorer 8/9/10/11 memory corruption
2028| [67000] Microsoft Internet Explorer 8/9/10/11 memory corruption
2029| [66995] Microsoft Internet Explorer 8/9/10/11 memory corruption
2030| [13542] Microsoft Internet Explorer 8/9/10/11 privilege escalation
2031| [13536] Microsoft Internet Explorer 8 memory corruption
2032| [13518] Microsoft Internet Explorer 8 memory corruption
2033| [13515] Microsoft Internet Explorer 8/9/10/11 memory corruption
2034| [13509] Microsoft Internet Explorer 8 memory corruption
2035| [13499] Microsoft Internet Explorer 8 memory corruption
2036| [13496] Microsoft Internet Explorer 8/9/10/11 privilege escalation
2037| [13027] Microsoft Internet Explorer 8/9 information disclosure
2038| [66605] Microsoft Internet Explorer 8/9/10/11 memory corruption
2039| [12543] Microsoft Internet Explorer 8/9/10/11 memory corruption
2040| [12541] Microsoft Internet Explorer 8/9/10 memory corruption
2041| [12540] Microsoft Internet Explorer 8/9/10/11 memory corruption
2042| [12538] Microsoft Internet Explorer 8/9 memory corruption
2043| [12531] Microsoft Internet Explorer 8/9/10/11 memory corruption
2044| [66445] Microsoft Windows 8.0/8.1 XMLDOM ActiveX Control information disclosure
2045| [12252] Microsoft Internet Explorer 8 memory corruption
2046| [12245] Microsoft Internet Explorer 8/9/10/11 memory corruption
2047| [12239] Microsoft Internet Explorer 8/9/10/11 privilege escalation
2048| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
2049| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
2050| [11141] Microsoft Internet Explorer 8/9/10/11 CCaret Object Use-After-Free memory corruption
2051| [11138] Microsoft Internet Explorer 8/9/10/11 CTreePos Object memory corruption
2052| [10623] Microsoft Internet Explorer 8/9 memory corruption
2053| [10215] Microsoft Internet Explorer 8/9 memory corruption
2054| [10214] Microsoft Internet Explorer 8/9/10 memory corruption
2055| [9935] Microsoft Internet Explorer 8/9 memory corruption
2056| [9934] Microsoft Internet Explorer 8/9/10 memory corruption
2057| [9933] Microsoft Internet Explorer 8/9 memory corruption
2058| [9932] Microsoft Internet Explorer 8/9 memory corruption
2059| [10246] Microsoft Internet Explorer 8 Table Tree Use-After-Free memory corruption
2060| [9419] Microsoft Internet Explorer up to 8 memory corruption
2061| [9418] Microsoft Internet Explorer 8/9/10 Use-After-Free memory corruption
2062| [9413] Microsoft Internet Explorer 8/9/10 Use-After-Free memory corruption
2063| [9406] Microsoft Internet Explorer 8/9/10 memory corruption
2064| [9099] Microsoft Internet Explorer 8/9 Use-After-Free memory corruption
2065| [9098] Microsoft Internet Explorer 8 memory corruption
2066| [9095] Microsoft Internet Explorer 8/9/10 Use-After-Free memory corruption
2067| [9084] Microsoft Internet Explorer 8/9/10 _UpdateButtonLocation memory corruption
2068| [9083] Microsoft Internet Explorer 8/9 memory corruption
2069| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
2070| [8718] Microsoft Internet Explorer 8 memory corruption
2071| [8714] Microsoft Internet Explorer 8/9 memory corruption
2072| [8712] Microsoft Internet Explorer 8/9 memory corruption
2073| [8601] Microsoft Internet Explorer 8 'vtable' memory corruption
2074| [8423] Microsoft Internet Explorer up to 8.00.6001.18702 CSS iexplorer.exe denial of service
2075| [7962] Microsoft Internet Explorer up to 8 CTreeNode memory corruption
2076| [7958] Microsoft Internet Explorer up to 8 Celement memory corruption
2077| [7996] Microsoft Windows 8 TrueType Font denial of service
2078| [63558] Microsoft Internet Explorer 8 Use-After-Free memory corruption
2079| [63557] Microsoft Internet Explorer 8/9 Use-After-Free memory corruption
2080| [7511] Microsoft Internet Explorer 8/9 TCP Session information disclosure
2081| [7510] Microsoft Internet Explorer 8/9 HTTP/HTTPS Request spoofing
2082| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
2083| [7199] Microsoft Internet Explorer 8/9 mshtml.dll Unclosed Tags Sequence denial of service
2084| [6513] Microsoft Internet Explorer 8/9 OnMove Engine Use-After-Free memory corruption
2085| [5937] Microsoft Internet Explorer 8/9 JavaScript Parser memory corruption
2086| [5538] Microsoft Internet Explorer 8 Same ID Property Deleted Object memory corruption
2087| [5532] Microsoft Internet Explorer 8/9 HTML Sanitization toStaticHTML String information disclosure
2088| [5530] Microsoft Internet Explorer 8/9 OnRowsInserted Elements memory corruption
2089| [5516] Microsoft Internet Explorer 8/9 memory corruption
2090| [4467] Microsoft Internet Explorer 8 cross site scripting
2091| [4454] Microsoft Internet Explorer 8/9 unknown vulnerability
2092| [59618] Microsoft Internet Explorer 8 unknown vulnerability
2093| [57681] Microsoft Internet Explorer 8/9 memory corruption
2094| [57675] Microsoft Internet Explorer 8 memory corruption
2095| [4372] Microsoft Internet Explorer 8/9 information disclosure
2096| [57130] Microsoft Internet Explorer 8 on Win7 msxml.dll unknown vulnerability
2097| [4340] Microsoft Internet Explorer up to 8 unknown vulnerability
2098| [56786] Microsoft Internet Explorer 8 on Win7 unknown vulnerability
2099| [56785] Microsoft Internet Explorer 8 on Win7 memory corruption
2100| [56412] Microsoft Internet Explorer 8 IEShims.dll unknown vulnerability
2101| [55755] Microsoft Internet Explorer 8 memory corruption
2102| [54961] Microsoft Internet Explorer 8 mshtml.dll InsertIntoTimeoutList information disclosure
2103| [4172] Microsoft Internet Explorer up to 8 CSS cross site scripting
2104| [54339] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
2105| [53805] Microsoft Internet Explorer 8 unknown vulnerability
2106| [53514] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
2107| [53513] Microsoft Internet Explorer 8 memory corruption
2108| [4137] Microsoft Internet Explorer up to 8.0 memory corruption
2109| [4121] Microsoft Internet Explorer 8 XSS Filter cross site scripting
2110| [52505] Microsoft Internet Explorer 8 mstime.dll memory corruption
2111| [52373] Microsoft Internet Explorer 8 on Win7 Use-After-Free memory corruption
2112| [52372] Microsoft Internet Explorer 8 on Win7 Heap-based memory corruption
2113| [51652] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
2114| [51651] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
2115| [50914] Microsoft Internet Explorer 8 cross site scripting
2116| [50910] Microsoft Internet Explorer 8 unknown vulnerability
2117| [4048] Microsoft Internet Explorer up to 8 CSS Declaration memory corruption
2118| [4047] Microsoft Internet Explorer up to 8 DOM Object memory corruption
2119| [4046] Microsoft Internet Explorer up to 8 HTML memory corruption
2120| [3987] Microsoft Internet Explorer up to 8 Row Reference memory corruption
2121| [3982] Microsoft Internet Explorer up to 8 DHTML Call memory corruption
2122| [47244] Microsoft Internet Explorer 8 on Win 7 memory corruption
2123| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
2124| [45451] Microsoft Internet Explorer 8 XSS Filter cross site scripting
2125| [45450] Microsoft Internet Explorer 8 XSS Filter Protection cross site scripting
2126| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
2127| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
2128| [45447] Microsoft Internet Explorer 8 XSS Filter cross site scripting
2129| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
2130| [39012] Microsoft Windows Live Messenger up to 8.1 doc memory corruption
2131| [34991] Microsoft Visual Studio 8.0 msvcr80.dll denial of service
2132| [33589] Microsoft Windows Live Messenger up to 8.0 denial of service
2133|
2134| MITRE CVE - https://cve.mitre.org:
2135| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
2136| [CVE-2011-1215] Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
2137| [CVE-2010-3496] McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.
2138| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
2139| [CVE-2009-3032] Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.
2140| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
2141| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
2142| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
2143| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
2144| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
2145| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
2146| [CVE-2008-5828] Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
2147| [CVE-2007-0045] Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
2148| [CVE-2004-1312] A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.
2149| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
2150| [CVE-2001-1088] Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
2151| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
2152| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
2153| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
2154| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
2155| [CVE-2013-3164] Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
2156| [CVE-2013-3163] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.
2157| [CVE-2013-3151] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3163.
2158| [CVE-2013-3149] Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
2159| [CVE-2013-3144] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3151 and CVE-2013-3163.
2160| [CVE-2013-3141] Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3110.
2161| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
2162| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
2163| [CVE-2013-3123] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111.
2164| [CVE-2013-3111] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123.
2165| [CVE-2013-3110] Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3141.
2166| [CVE-2013-2558] Unspecified vulnerability in Microsoft Windows 8 allows remote attackers to cause a denial of service (reboot) or possibly have unknown other impact via a crafted TrueType Font (TTF) file, as demonstrated by the 120612-69701-01.dmp error report.
2167| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
2168| [CVE-2013-1451] Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
2169| [CVE-2013-1450] Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.
2170| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
2171| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
2172| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
2173| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
2174| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
2175| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
2176| [CVE-2013-1311] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
2177| [CVE-2013-1307] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-0811.
2178| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
2179| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
2180| [CVE-2013-1297] Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."
2181| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
2182| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
2183| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
2184| [CVE-2013-1288] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."
2185| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
2186| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
2187| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
2188| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
2189| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
2190| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
2191| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
2192| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
2193| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2194| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
2195| [CVE-2013-0811] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1307.
2196| [CVE-2013-0091] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."
2197| [CVE-2013-0078] The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability."
2198| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
2199| [CVE-2013-0025] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
2200| [CVE-2013-0024] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."
2201| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
2202| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
2203| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
2204| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
2205| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
2206| [CVE-2012-2557] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."
2207| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
2208| [CVE-2012-2523] Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."
2209| [CVE-2012-1881] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."
2210| [CVE-2012-1875] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
2211| [CVE-2012-1874] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
2212| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
2213| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
2214| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
2215| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
2216| [CVE-2012-1529] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability."
2217| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
2218| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
2219| [CVE-2012-1523] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."
2220| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
2221| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
2222| [CVE-2012-0172] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."
2223| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
2224| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
2225| [CVE-2011-2382] Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.
2226| [CVE-2011-1999] Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."
2227| [CVE-2011-1996] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
2228| [CVE-2011-1992] The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."
2229| [CVE-2011-1713] Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202.
2230| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
2231| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
2232| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
2233| [CVE-2011-1266] The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."
2234| [CVE-2011-1260] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
2235| [CVE-2011-1258] Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."
2236| [CVE-2011-1257] Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."
2237| [CVE-2011-1256] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."
2238| [CVE-2011-1255] The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."
2239| [CVE-2011-1254] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."
2240| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
2241| [CVE-2011-1251] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."
2242| [CVE-2011-1246] Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability."
2243| [CVE-2011-1244] Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."
2244| [CVE-2011-0346] Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
2245| [CVE-2011-0038] Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
2246| [CVE-2011-0036] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, relagted to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.
2247| [CVE-2011-0035] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.
2248| [CVE-2010-5071] The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
2249| [CVE-2010-3971] Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
2250| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
2251| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
2252| [CVE-2010-3886] The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.
2253| [CVE-2010-3348] Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342.
2254| [CVE-2010-3346] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
2255| [CVE-2010-3345] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
2256| [CVE-2010-3342] Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348.
2257| [CVE-2010-3331] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
2258| [CVE-2010-3330] Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."
2259| [CVE-2010-3329] mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
2260| [CVE-2010-3328] Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."
2261| [CVE-2010-3327] The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."
2262| [CVE-2010-3325] Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
2263| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
2264| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
2265| [CVE-2010-2560] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."
2266| [CVE-2010-2559] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.
2267| [CVE-2010-2558] Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability."
2268| [CVE-2010-2556] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
2269| [CVE-2010-2442] Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."
2270| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
2271| [CVE-2010-2118] Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
2272| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
2273| [CVE-2010-1991] Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
2274| [CVE-2010-1489] The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
2275| [CVE-2010-1262] Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."
2276| [CVE-2010-1261] The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
2277| [CVE-2010-1260] The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
2278| [CVE-2010-1259] Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
2279| [CVE-2010-1258] Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."
2280| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
2281| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
2282| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
2283| [CVE-2010-0555] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.
2284| [CVE-2010-0494] Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."
2285| [CVE-2010-0492] Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
2286| [CVE-2010-0490] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
2287| [CVE-2010-0255] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.
2288| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
2289| [CVE-2010-0248] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
2290| [CVE-2010-0246] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.
2291| [CVE-2010-0245] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
2292| [CVE-2010-0244] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
2293| [CVE-2010-0112] Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file
2294| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
2295| [CVE-2009-4074] The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
2296| [CVE-2009-4073] The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
2297| [CVE-2009-3674] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.
2298| [CVE-2009-3673] Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
2299| [CVE-2009-3671] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.
2300| [CVE-2009-3003] Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
2301| [CVE-2009-2764] Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location.
2302| [CVE-2009-2655] mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.
2303| [CVE-2009-2536] Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
2304| [CVE-2009-2531] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530.
2305| [CVE-2009-2530] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531.
2306| [CVE-2009-2529] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."
2307| [CVE-2009-2069] Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
2308| [CVE-2009-2064] Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
2309| [CVE-2009-2057] Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
2310| [CVE-2009-1532] Microsoft Internet Explorer 8 for Windows XP SP2 and SP3
2311| [CVE-2009-1335] Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr.
2312| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
2313| [CVE-2009-1016] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow involving an unspecified Server Plug-in and a crafted SSL certificate.
2314| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
2315| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
2316| [CVE-2009-0084] Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
2317| [CVE-2009-0072] Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element.
2318| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
2319| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
2320| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
2321| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
2322| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
2323| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
2324| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
2325| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
2326| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
2327| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
2328| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
2329| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
2330| [CVE-2008-4254] Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
2331| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
2332| [CVE-2008-4252] The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
2333| [CVE-2008-4127] Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function.
2334| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
2335| [CVE-2008-3815] Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.
2336| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
2337| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
2338| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
2339| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
2340| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
2341| [CVE-2008-2948] Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.
2342| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
2343| [CVE-2008-1544] The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.
2344| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
2345| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
2346| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
2347| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
2348| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
2349| [CVE-2007-5277] Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.
2350| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
2351| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
2352| [CVE-2007-2931] Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
2353| [CVE-2007-0842] The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition.
2354| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
2355| [CVE-2007-0047] CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
2356| [CVE-2006-6252] Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.
2357| [CVE-2006-3654] Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files.
2358| [CVE-2006-3653] wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files.
2359| [CVE-2005-3568] db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING."
2360| [CVE-2005-3182] Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well.
2361| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
2362| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
2363| [CVE-2003-0604] Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
2364| [CVE-2002-2435] The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
2365| [CVE-2002-2380] NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
2366| [CVE-2002-0797] Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
2367| [CVE-2001-0238] Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
2368|
2369| SecurityFocus - https://www.securityfocus.com/bid/:
2370| [582] Microsoft IIS And PWS 8.3 Directory Name Vulnerability
2371| [58847] Microsoft Windows Defender for Windows 8 and Windows RT Local Privilege Escalation Vulnerability
2372| [42467] Microsoft Internet Explorer 8 'toStaticHTML()' HTML Sanitization Bypass Weakness
2373| [40490] Microsoft Internet Explorer 8 Developer Tools Remote Code Execution Vulnerability
2374| [37135] Microsoft Internet Explorer 8 Cross-Site Scripting Filter Cross-Site Scripting Vulnerability
2375| [35941] Microsoft Internet Explorer 8 Denial of Service Vulnerability
2376|
2377| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2378| [40937] Microsoft Windows Knowledge Base Article 815495 update not installed
2379| [37226] Microsoft Windows Knowledge Base Article 815495 update not installed
2380| [19102] Microsoft Knowledge Base Article 885834 is not installed
2381| [19090] Microsoft Knowledge Base Article 885250 is not installed
2382| [18392] Microsoft Windows Knowledge Base Article 885249 update is not installed
2383| [18391] Microsoft Windows Knowledge Base Article 885835 update is not installed
2384| [18390] Microsoft Windows Knowledge Base Article 885836 update is not installed
2385| [82776] Microsoft Internet Explorer 10 on Windows 8 sandbox security bypass
2386| [66402] Microsoft Windows kernel-mode driver (win32k.sys) variant 8 privilege escalation
2387| [57338] Microsoft Internet Explorer 8 Developer Tools code execution
2388| [24509] Microsoft Windows Knowledge Base Article 889167 update is not installed
2389| [22882] Microsoft Windows Knowledge Base Article 896424 update is not installed
2390| [22156] Microsoft Windows Knowledge Base Article 899589 update is not installed
2391| [22155] Microsoft Knowledge Base Article 896688 is not installed
2392| [22072] Microsoft Knowledge Base Article 899587 is not installed
2393| [22071] Microsoft Knowledge Base Article 896428 is not installed
2394| [22069] Microsoft Knowledge Base Article 890859 is not installed
2395| [22068] Microsoft Knowledge Base Article 890046 is not installed
2396| [21704] Microsoft Windows Knowledge Base Article 896727 update is not installed
2397| [21605] Microsoft Windows Knowledge Base Article 896423 update is not installed
2398| [21603] Microsoft Windows Knowledge Base Article 899588 update is not installed
2399| [21601] Microsoft Windows Knowledge Base Article 899591 update is not installed
2400| [21600] Microsoft Windows Knowledge Base Article 893756 update is not installed
2401| [20826] Microsoft Windows Knowledge Base Article 896422 update is not installed
2402| [20825] Microsoft Windows Knowledge Base Article 896358 update is not installed
2403| [20823] Microsoft Windows Knowledge Base Article 890169 update is not installed
2404| [20822] Microsoft Windows Knowledge Base Article 883939 update is not installed
2405| [20820] Microsoft Windows Knowledge Base Article 896426 update is not installed
2406| [20382] Microsoft Windows Knowledge Base Article 894320 update is not installed
2407| [20318] Microsoft Windows Knowledge Base Article 893086 update is not installed
2408| [20317] Microsoft Windows Knowledge Base Article 890923 update is not installed
2409| [20000] Microsoft Windows Knowledge Base Article 892944 update is not installed
2410| [19875] Microsoft Knowledge Base Article 893066 is not installed
2411| [19843] Microsoft Windows Knowledge Base Article 894549 update is not installed
2412| [19252] Microsoft Knowledge Base Article 890261 is not installed
2413| [19141] Microsoft Knowledge Base Article 867282 is not installed
2414| [19118] Microsoft Knowledge Base Article 890047 is not installed
2415| [19116] Microsoft Knowledge Base Article 891781 is not installed
2416| [19112] Microsoft Knowledge Base Article 873352 is not installed
2417| [19111] Microsoft Knowledge Base Article 888113 is not installed
2418| [19106] Microsoft Knowledge Base Article 873333 is not installed
2419| [19095] Microsoft Knowledge Base Article 888302 is not installed
2420| [19092] Microsoft Knowledge Base Article 887981 is not installed
2421| [18944] Microsoft Knowledge Base Article 886185 is not installed
2422| [18770] Microsoft Knowledge Base Article 890175 is not installed
2423| [18769] Microsoft Knowledge Base Article 887219 is not installed
2424| [18768] Microsoft Windows Knowledge Base Article 891711 update is not installed
2425| [18766] Microsoft Windows Knowledge Base Article 871250 update is not installed
2426| [18394] Microsoft Windows Knowledge Base Article 870763 update is not installed
2427| [18393] Microsoft Windows Knowledge Base Article 873339 update is not installed
2428| [18314] Microsoft Windows Knowledge Base Article 889293 update is not installed
2429|
2430| Exploit-DB - https://www.exploit-db.com:
2431| [17159] Microsoft Host Integration Server <= 8.5.4224.0 DoS Vulnerabilities
2432| [31118] Microsoft Works 8.0 File Converter Field Length Remote Code Execution Vulnerability
2433| [30537] Microsoft MSN Messenger <= 8.0 - Video Conversation Buffer Overflow Vulnerability
2434| [28222] microsoft works 8.0 spreadsheet Multiple Vulnerabilities
2435| [12728] Microsoft Outlook Web Access (OWA) 8.2.254.0 - Information Disclosure vulnerability
2436|
2437| OpenVAS (Nessus) - http://www.openvas.org:
2438| [902914] Microsoft IIS GET Request Denial of Service Vulnerability
2439| [902796] Microsoft IIS IP Address/Internal Network Name Disclosure Vulnerability
2440| [902694] Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
2441| [901120] Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
2442| [900944] Microsoft IIS FTP Server 'ls' Command DOS Vulnerability
2443| [900874] Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
2444| [900711] Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability
2445| [900567] Microsoft IIS Security Bypass Vulnerability (970483)
2446| [802806] Microsoft IIS Default Welcome Page Information Disclosure Vulnerability
2447| [801669] Microsoft Windows IIS FTP Server DOS Vulnerability
2448| [801520] Microsoft IIS ASP Stack Based Buffer Overflow Vulnerability
2449| [100952] Microsoft IIS FTPd NLST stack overflow
2450| [11443] Microsoft IIS UNC Mapped Virtual Host Vulnerability
2451| [10680] Test Microsoft IIS Source Fragment Disclosure
2452| [903041] Microsoft Windows Kernel Privilege Elevation Vulnerability (2724197)
2453| [903037] Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability (2706045)
2454| [903036] Microsoft Windows Networking Components Remote Code Execution Vulnerabilities (2733594)
2455| [903035] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2731847)
2456| [903033] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2718523)
2457| [903026] Microsoft Office Remote Code Execution Vulnerabilities (2663830)
2458| [903017] Microsoft Office Remote Code Execution Vulnerability (2639185)
2459| [903000] Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
2460| [902936] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2783534)
2461| [902934] Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
2462| [902933] Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
2463| [902932] Microsoft Internet Explorer Multiple Use-After-Free Vulnerabilities (2761451)
2464| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
2465| [902930] Microsoft Office Remote Code Execution Vulnerabilities (2720184)
2466| [902923] Microsoft Internet Explorer Multiple Vulnerabilities (2722913)
2467| [902922] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2723135)
2468| [902921] Microsoft Office Visio/Viewer Remote Code Execution Vulnerability (2733918)
2469| [902920] Microsoft Office Remote Code Execution Vulnerability (2731879)
2470| [902919] Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841)
2471| [902916] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
2472| [902913] Microsoft Office Remote Code Execution Vulnerabilities-2663830 (Mac OS X)
2473| [902912] Microsoft Office Word Remote Code Execution Vulnerability-2680352 (Mac OS X)
2474| [902911] Microsoft Office Word Remote Code Execution Vulnerability (2680352)
2475| [902910] Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981)
2476| [902909] Microsoft Windows Service Pack Missing Multiple Vulnerabilities
2477| [902908] Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)
2478| [902906] Microsoft Windows DNS Server Denial of Service Vulnerability (2647170)
2479| [902900] Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
2480| [902846] Microsoft Windows TLS Protocol Information Disclosure Vulnerability (2655992)
2481| [902845] Microsoft Windows Shell Remote Code Execution Vulnerability (2691442)
2482| [902842] Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
2483| [902841] Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
2484| [902839] Microsoft FrontPage Server Extensions MS-DOS Device Name DoS Vulnerability
2485| [902833] Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
2486| [902832] MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)
2487| [902829] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258)
2488| [902828] Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
2489| [902818] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
2490| [902817] Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
2491| [902811] Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
2492| [902807] Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (2636391)
2493| [902798] Microsoft SMB Signing Enabled and Not Required At Server
2494| [902797] Microsoft SMB Signing Information Disclosure Vulnerability
2495| [902785] Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
2496| [902784] Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
2497| [902783] Microsoft Windows Kernel Security Feature Bypass Vulnerability (2644615)
2498| [902782] MicroSoft Windows Server Service Remote Code Execution Vulnerability (921883)
2499| [902766] Microsoft Windows Kernel Privilege Elevation Vulnerability (2633171)
2500| [902746] Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
2501| [902727] Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)
2502| [902708] Microsoft Remote Desktop Protocol Denial of Service Vulnerability (2570222)
2503| [902696] Microsoft Internet Explorer Multiple Vulnerabilities (2761465)
2504| [902693] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2761226)
2505| [902692] Microsoft Office Excel ReadAV Arbitrary Code Execution Vulnerability
2506| [902689] Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)
2507| [902688] Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
2508| [902687] Microsoft Windows Data Access Components Remote Code Execution Vulnerability (2698365)
2509| [902686] Microsoft Internet Explorer Multiple Vulnerabilities (2719177)
2510| [902683] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2685939)
2511| [902682] Microsoft Internet Explorer Multiple Vulnerabilities (2699988)
2512| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
2513| [902677] Microsoft Windows Prtition Manager Privilege Elevation Vulnerability (2690533)
2514| [902676] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (2688338)
2515| [902670] Microsoft Internet Explorer Multiple Vulnerabilities (2675157)
2516| [902663] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
2517| [902662] MicroSoft SMB Server Trans2 Request Remote Code Execution Vulnerability
2518| [902660] Microsoft SMB Transaction Parsing Remote Code Execution Vulnerability
2519| [902658] Microsoft RDP Server Private Key Information Disclosure Vulnerability
2520| [902649] Microsoft Internet Explorer Multiple Vulnerabilities (2647516)
2521| [902642] Microsoft Internet Explorer Multiple Vulnerabilities (2618444)
2522| [902626] Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)
2523| [902625] Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
2524| [902613] Microsoft Internet Explorer Multiple Vulnerabilities (2559049)
2525| [902609] Microsoft Windows CSRSS Privilege Escalation Vulnerabilities (2507938)
2526| [902598] Microsoft Windows Time Component Remote Code Execution Vulnerability (2618451)
2527| [902597] Microsoft Windows Media Remote Code Execution Vulnerability (2648048)
2528| [902596] Microsoft Windows OLE Remote Code Execution Vulnerability (2624667)
2529| [902588] Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerability
2530| [902581] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
2531| [902580] Microsoft Host Integration Server Denial of Service Vulnerabilities (2607670)
2532| [902567] Microsoft Office Remote Code Execution Vulnerabilites (2587634)
2533| [902566] Microsoft Windows WINS Local Privilege Escalation Vulnerability (2571621)
2534| [902552] Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
2535| [902551] Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
2536| [902523] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
2537| [902522] Microsoft .NET Framework Remote Code Execution Vulnerability (2538814)
2538| [902518] Microsoft .NET Framework Security Bypass Vulnerability
2539| [902516] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
2540| [902502] Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
2541| [902501] Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (2514666)
2542| [902496] Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
2543| [902495] Microsoft Office Remote Code Execution Vulnerability (2590602)
2544| [902494] Microsoft Office Excel Remote Code Execution Vulnerability (2640241)
2545| [902493] Microsoft Publisher Remote Code Execution Vulnerabilities (2607702)
2546| [902492] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2639142)
2547| [902487] Microsoft Windows Active Directory LDAPS Authentication Bypass Vulnerability (2630837)
2548| [902484] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (2588516)
2549| [902464] Microsoft Visio Remote Code Execution Vulnerabilities (2560978)
2550| [902463] Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2567680)
2551| [902455] Microsoft Visio Remote Code Execution Vulnerability (2560847)
2552| [902445] Microsoft XML Editor Information Disclosure Vulnerability (2543893)
2553| [902443] Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
2554| [902440] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2536275)
2555| [902430] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2545814)
2556| [902425] Microsoft Windows SMB Accessible Shares
2557| [902423] Microsoft Office Visio Viewer Remote Code Execution Vulnerabilities (2663510)
2558| [902411] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2489283)
2559| [902410] Microsoft Office Excel Remote Code Execution Vulnerabilities (2489279)
2560| [902403] Microsoft Windows Fraudulent Digital Certificates Spoofing Vulnerability
2561| [902395] Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
2562| [902378] Microsoft Office Excel Remote Code Execution Vulnerabilities (2537146)
2563| [902377] Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)
2564| [902365] Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
2565| [902364] Microsoft Office Remote Code Execution Vulnerabilites (2489293)
2566| [902351] Microsoft Groove Remote Code Execution Vulnerability (2494047)
2567| [902337] Microsoft Windows Kernel Elevation of Privilege Vulnerability (2393802)
2568| [902336] Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)
2569| [902325] Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability
2570| [902324] Microsoft SharePoint Could Allow Remote Code Execution Vulnerability (2455005)
2571| [902319] Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
2572| [902290] Microsoft Windows Active Directory SPN Denial of Service (2478953)
2573| [902289] Microsoft Windows LSASS Privilege Escalation Vulnerability (2478960)
2574| [902288] Microsoft Kerberos Privilege Escalation Vulnerabilities (2496930)
2575| [902287] Microsoft Visio Remote Code Execution Vulnerabilities (2451879)
2576| [902285] Microsoft Internet Explorer Information Disclosure Vulnerability (2501696)
2577| [902281] Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)
2578| [902280] Microsoft Windows BranchCache Remote Code Execution Vulnerability (2385678)
2579| [902277] Microsoft Windows Netlogon Service Denial of Service Vulnerability (2207559)
2580| [902276] Microsoft Windows Task Scheduler Elevation of Privilege Vulnerability (2305420)
2581| [902274] Microsoft Publisher Remote Code Execution Vulnerability (2292970)
2582| [902269] Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
2583| [902265] Microsoft Office Word Remote Code Execution Vulnerabilities (2293194)
2584| [902264] Microsoft Office Excel Remote Code Execution Vulnerabilities (2293211)
2585| [902263] Microsoft Windows Media Player Network Sharing Remote Code Execution Vulnerability (2281679)
2586| [902262] Microsoft Windows Shell and WordPad COM Validation Vulnerability (2405882)
2587| [902256] Microsoft Windows win32k.sys Driver 'CreateDIBPalette()' BOF Vulnerability
2588| [902255] Microsoft Visual Studio Insecure Library Loading Vulnerability
2589| [902254] Microsoft Office Products Insecure Library Loading Vulnerability
2590| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
2591| [902246] Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability
2592| [902243] Microsoft Outlook TNEF Remote Code Execution Vulnerability (2315011)
2593| [902232] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (978886)
2594| [902231] Microsoft Windows Tracing Feature Privilege Elevation Vulnerabilities (982799)
2595| [902230] Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
2596| [902229] Microsoft Window MPEG Layer-3 Remote Code Execution Vulnerability (2115168)
2597| [902228] Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)
2598| [902227] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
2599| [902226] Microsoft Windows Shell Remote Code Execution Vulnerability (2286198)
2600| [902217] Microsoft Outlook SMB Attachment Remote Code Execution Vulnerability (978212)
2601| [902210] Microsoft IE cross-domain IFRAME gadgets keystrokes steal Vulnerability
2602| [902193] Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
2603| [902192] Microsoft Office COM Validation Remote Code Execution Vulnerability (983235)
2604| [902191] Microsoft Internet Explorer Multiple Vulnerabilities (982381)
2605| [902183] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability
2606| [902178] Microsoft Visual Basic Remote Code Execution Vulnerability (978213)
2607| [902176] Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
2608| [902166] Microsoft Internet Explorer 'neutering' Mechanism XSS Vulnerability
2609| [902159] Microsoft VBScript Scripting Engine Remote Code Execution Vulnerability (980232)
2610| [902158] Microsoft Office Publisher Remote Code Execution Vulnerability (981160)
2611| [902157] Microsoft 'ISATAP' Component Spoofing Vulnerability (978338)
2612| [902156] Microsoft SMB Client Remote Code Execution Vulnerabilities (980232)
2613| [902155] Microsoft Internet Explorer Multiple Vulnerabilities (980182)
2614| [902151] Microsoft Internet Explorer Denial of Service Vulnerability - Mar10
2615| [902133] Microsoft Office Excel Multiple Vulnerabilities (980150)
2616| [902117] Microsoft DirectShow Remote Code Execution Vulnerability (977935)
2617| [902116] Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)
2618| [902115] Microsoft Kerberos Denial of Service Vulnerability (977290)
2619| [902114] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416)
2620| [902112] Microsoft SMB Client Remote Code Execution Vulnerabilities (978251)
2621| [902095] Microsoft Office Excel Remote Code Execution Vulnerability (2269707)
2622| [902094] Microsoft Windows Kernel Mode Drivers Privilege Elevation Vulnerabilities (2160329)
2623| [902093] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (981852)
2624| [902080] Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
2625| [902069] Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
2626| [902068] Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
2627| [902067] Microsoft Windows Kernel Mode Drivers Privilege Escalation Vulnerabilities (979559)
2628| [902039] Microsoft Visio Remote Code Execution Vulnerabilities (980094)
2629| [902038] Microsoft MPEG Layer-3 Codecs Remote Code Execution Vulnerability (977816)
2630| [902033] Microsoft Windows '.ani' file Denial of Service vulnerability
2631| [902015] Microsoft Paint Remote Code Execution Vulnerability (978706)
2632| [901305] Microsoft Windows IP-HTTPS Component Security Feature Bypass Vulnerability (2765809)
2633| [901304] Microsoft Windows File Handling Component Remote Code Execution Vulnerability (2758857)
2634| [901301] Microsoft Windows Kerberos Denial of Service Vulnerability (2743555)
2635| [901212] Microsoft Windows DirectPlay Remote Code Execution Vulnerability (2770660)
2636| [901211] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)
2637| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
2638| [901209] Microsoft Windows Media Center Remote Code Execution Vulnerabilities (2604926)
2639| [901208] Microsoft Internet Explorer Multiple Vulnerabilities (2586448)
2640| [901205] Microsoft Windows Components Remote Code Execution Vulnerabilities (2570947)
2641| [901193] Microsoft Windows Media Remote Code Execution Vulnerabilities (2510030)
2642| [901183] Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
2643| [901180] Microsoft Internet Explorer Multiple Vulnerabilities (2482017)
2644| [901169] Microsoft Windows Address Book Remote Code Execution Vulnerability (2423089)
2645| [901166] Microsoft Office Remote Code Execution Vulnerabilites (2423930)
2646| [901164] Microsoft Windows SChannel Denial of Service Vulnerability (2207566)
2647| [901163] Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111))
2648| [901162] Microsoft Internet Explorer Multiple Vulnerabilities (2360131)
2649| [901161] Microsoft ASP.NET Information Disclosure Vulnerability (2418042)
2650| [901151] Microsoft Internet Information Services Remote Code Execution Vulnerabilities (2267960)
2651| [901150] Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability(2347290)
2652| [901140] Microsoft Windows SMB Code Execution and DoS Vulnerabilities (982214)
2653| [901139] Microsoft Internet Explorer Multiple Vulnerabilities (2183461)
2654| [901119] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (980218)
2655| [901102] Microsoft Windows Media Services Remote Code Execution Vulnerability (980858)
2656| [901097] Microsoft Internet Explorer Multiple Vulnerabilities (978207)
2657| [901095] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
2658| [901069] Microsoft Office Project Remote Code Execution Vulnerability (967183)
2659| [901065] Microsoft Windows IAS Remote Code Execution Vulnerability (974318)
2660| [901064] Microsoft Windows ADFS Remote Code Execution Vulnerability (971726)
2661| [901063] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
2662| [901048] Microsoft Windows Active Directory Denial of Service Vulnerability (973309)
2663| [901041] Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
2664| [901012] Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)
2665| [900973] Microsoft Office Word Remote Code Execution Vulnerability (976307)
2666| [900965] Microsoft Windows SMB2 Negotiation Protocol Remote Code Execution Vulnerability
2667| [900964] Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
2668| [900963] Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)
2669| [900957] Microsoft Windows Patterns & Practices EntLib DOS Vulnerability
2670| [900956] Microsoft Windows Patterns & Practices EntLib Version Detection
2671| [900929] Microsoft JScript Scripting Engine Remote Code Execution Vulnerability (971961)
2672| [900908] Microsoft Windows Message Queuing Privilege Escalation Vulnerability (971032)
2673| [900907] Microsoft Windows AVI Media File Parsing Vulnerabilities (971557)
2674| [900898] Microsoft Internet Explorer 'XSS Filter' XSS Vulnerabilities - Nov09
2675| [900897] Microsoft Internet Explorer PDF Information Disclosure Vulnerability - Nov09
2676| [900891] Microsoft Internet Denial Of Service Vulnerability - Nov09
2677| [900887] Microsoft Office Excel Multiple Vulnerabilities (972652)
2678| [900886] Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (969947)
2679| [900881] Microsoft Windows Indexing Service ActiveX Vulnerability (969059)
2680| [900880] Microsoft Windows ATL COM Initialization Code Execution Vulnerability (973525)
2681| [900879] Microsoft Windows Media Player ASF Heap Overflow Vulnerability (974112)
2682| [900878] Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)
2683| [900877] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
2684| [900876] Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)
2685| [900873] Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)
2686| [900863] Microsoft Internet Explorer 'window.print()' DOS Vulnerability
2687| [900838] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
2688| [900837] Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
2689| [900836] Microsoft Internet Explorer Address Bar Spoofing Vulnerability
2690| [900826] Microsoft Internet Explorer 'location.hash' DOS Vulnerability
2691| [900814] Microsoft Windows WINS Remote Code Execution Vulnerability (969883)
2692| [900813] Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706)
2693| [900809] Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706)
2694| [900808] Microsoft Visual Products Version Detection
2695| [900757] Microsoft Windows Media Player '.AVI' File DOS Vulnerability
2696| [900741] Microsoft Internet Explorer Information Disclosure Vulnerability Feb10
2697| [900740] Microsoft Windows Kernel Could Allow Elevation of Privilege (977165)
2698| [900690] Microsoft Virtual PC/Server Privilege Escalation Vulnerability (969856)
2699| [900689] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
2700| [900670] Microsoft Office Excel Remote Code Execution Vulnerabilities (969462)
2701| [900589] Microsoft ISA Server Privilege Escalation Vulnerability (970953)
2702| [900588] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
2703| [900568] Microsoft Windows Search Script Execution Vulnerability (963093)
2704| [900566] Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
2705| [900476] Microsoft Excel Remote Code Execution Vulnerabilities (968557)
2706| [900465] Microsoft Windows DNS Memory Corruption Vulnerability - Mar09
2707| [900461] Microsoft MSN Live Messneger Denial of Service Vulnerability
2708| [900445] Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)
2709| [900404] Microsoft Windows RTCP Unspecified Remote DoS Vulnerability
2710| [900400] Microsoft Internet Explorer Unicode String DoS Vulnerability
2711| [900391] Microsoft Office Publisher Remote Code Execution Vulnerability (969516)
2712| [900366] Microsoft Internet Explorer Web Script Execution Vulnerabilites
2713| [900365] Microsoft Office Word Remote Code Execution Vulnerabilities (969514)
2714| [900337] Microsoft Internet Explorer Denial of Service Vulnerability - Apr09
2715| [900336] Microsoft Windows Media Player MID File Integer Overflow Vulnerability
2716| [900328] Microsoft Internet Explorer Remote Code Execution Vulnerability (963027)
2717| [900314] Microsoft XML Core Service Information Disclosure Vulnerability
2718| [900303] Microsoft Internet Explorer HTML Form Value DoS Vulnerability
2719| [900299] Microsoft Report Viewer Information Disclosure Vulnerability (2578230)
2720| [900297] Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
2721| [900296] Microsoft Windows TCP/IP Stack Denial of Service Vulnerability (2563894)
2722| [900295] Microsoft Windows DNS Server Remote Code Execution Vulnerability (2562485)
2723| [900294] Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
2724| [900288] Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
2725| [900287] Microsoft SMB Client Remote Code Execution Vulnerabilities (2536276)
2726| [900285] Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
2727| [900282] Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
2728| [900281] Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
2729| [900280] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2508429)
2730| [900279] Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455)
2731| [900278] Microsoft Internet Explorer Multiple Vulnerabilities (2497640)
2732| [900273] Microsoft Remote Desktop Client Remote Code Execution Vulnerability (2508062)
2733| [900267] Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)
2734| [900266] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (2424434)
2735| [900263] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (2296199)
2736| [900262] Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
2737| [900261] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2293386)
2738| [900248] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)
2739| [900246] Microsoft Media Decompression Remote Code Execution Vulnerability (979902)
2740| [900245] Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)
2741| [900241] Microsoft Outlook Express and Windows Mail Remote Code Execution Vulnerability (978542)
2742| [900240] Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (981832)
2743| [900237] Microsoft Windows Authentication Verification Remote Code Execution Vulnerability (981210)
2744| [900236] Microsoft Windows Kernel Could Allow Elevation of Privilege (979683)
2745| [900235] Microsoft Windows Media Player Could Allow Remote Code Execution (979402)
2746| [900232] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (975561)
2747| [900230] Microsoft Windows SMB Server Multiple Vulnerabilities (971468)
2748| [900229] Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
2749| [900228] Microsoft Office (MSO) Remote Code Execution Vulnerability (978214)
2750| [900227] Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability (975713)
2751| [900223] Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
2752| [900192] Microsoft Internet Explorer Information Disclosure Vulnerability
2753| [900187] Microsoft Internet Explorer Argument Injection Vulnerability
2754| [900178] Microsoft Windows 'UnhookWindowsHookEx' Local DoS Vulnerability
2755| [900173] Microsoft Windows Media Player Version Detection
2756| [900172] Microsoft Windows Media Player 'MIDI' or 'DAT' File DoS Vulnerability
2757| [900170] Microsoft iExplorer '&NBSP
2758| [900131] Microsoft Internet Explorer Denial of Service Vulnerability
2759| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
2760| [900120] Microsoft Organization Chart Remote Code Execution Vulnerability
2761| [900108] Microsoft Windows NSlookup.exe Remote Code Execution Vulnerability
2762| [900097] Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
2763| [900095] Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerability (961759)
2764| [900093] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
2765| [900080] Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
2766| [900079] Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
2767| [900064] Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
2768| [900063] Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
2769| [900061] Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
2770| [900058] Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
2771| [900048] Microsoft Excel Remote Code Execution Vulnerability (956416)
2772| [900047] Microsoft Office nformation Disclosure Vulnerability (957699)
2773| [900046] Microsoft Office Remote Code Execution Vulnerabilities (955047)
2774| [900033] Microsoft PowerPoint Could Allow Remote Code Execution Vulnerabilities (949785)
2775| [900029] Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (924090)
2776| [900028] Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
2777| [900025] Microsoft Office Version Detection
2778| [900006] Microsoft Word Could Allow Remote Code Execution Vulnerability
2779| [900004] Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
2780| [855384] Solaris Update for snmp/mibiisa 108870-36
2781| [855273] Solaris Update for snmp/mibiisa 108869-36
2782| [803028] Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
2783| [803007] Microsoft Windows Minimum Certificate Key Length Spoofing Vulnerability (2661254)
2784| [802912] Microsoft Unauthorized Digital Certificates Spoofing Vulnerability (2728973)
2785| [802888] Microsoft Windows Media Service Handshake Sequence DoS Vulnerability
2786| [802886] Microsoft Sidebar and Gadgets Remote Code Execution Vulnerability (2719662)
2787| [802864] Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)
2788| [802774] Microsoft VPN ActiveX Control Remote Code Execution Vulnerability (2695962)
2789| [802726] Microsoft SMB Signing Disabled
2790| [802708] Microsoft Internet Explorer Code Execution and DoS Vulnerabilities
2791| [802634] Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)
2792| [802500] Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
2793| [802468] Compatibility Issues Affecting Signed Microsoft Binaries (2749655)
2794| [802462] Microsoft ActiveSync Null Pointer Dereference Denial Of Service Vulnerability
2795| [802426] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2647518)
2796| [802383] Microsoft Windows Color Control Panel Privilege Escalation Vulnerability
2797| [802379] Microsoft Windows Kernel 'win32k.sys' Memory Corruption Vulnerability
2798| [802287] Microsoft Internet Explorer Cache Objects History Information Disclosure Vulnerability
2799| [802286] Microsoft Internet Explorer Multiple Information Disclosure Vulnerabilities
2800| [802260] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
2801| [802203] Microsoft Internet Explorer Cookie Hijacking Vulnerability
2802| [802202] Microsoft Internet Explorer Cookie Hijacking Vulnerability
2803| [802140] Microsoft Explorer HTTPS Sessions Multiple Vulnerabilities (Windows)
2804| [802136] Microsoft Windows Insecure Library Loading Vulnerability (2269637)
2805| [801991] Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability
2806| [801966] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)
2807| [801935] Microsoft Silverlight Multiple Memory Leak Vulnerabilities
2808| [801934] Microsoft Silverlight Version Detection
2809| [801914] Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability
2810| [801876] Microsoft Internet Explorer 'msxml.dll' Information Disclosure Vulnerability
2811| [801831] Microsoft Internet Explorer Incorrect GUI Display Vulnerability
2812| [801830] Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
2813| [801725] Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
2814| [801721] Microsoft Active Directory Denial of Service Vulnerability (953235)
2815| [801719] Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability (930178)
2816| [801718] Microsoft Windows Vista Information Disclosure Vulnerability (931213)
2817| [801717] Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
2818| [801716] Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability (929123)
2819| [801715] Microsoft XML Core Services Remote Code Execution Vulnerability (936227)
2820| [801713] Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability (941202)
2821| [801707] Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)
2822| [801706] Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities (941644)
2823| [801705] Microsoft Windows TCP/IP Denial of Service Vulnerability (946456)
2824| [801704] Microsoft Internet Information Services Privilege Elevation Vulnerability (942831)
2825| [801702] Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
2826| [801701] Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)
2827| [801677] Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vulnerabilities
2828| [801606] Microsoft Internet Explorer 'mshtml.dll' Information Disclosure Vulnerability
2829| [801598] Microsoft Windows2k3 Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
2830| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
2831| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
2832| [801595] Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities
2833| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
2834| [801580] Microsoft Windows Fax Cover Page Editor BOF Vulnerabilities
2835| [801527] Microsoft Windows 32-bit Platforms Unspecified vulnerabilities
2836| [801491] Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
2837| [801489] Microsoft Office Graphics Filters Remote Code Execution Vulnerabilities (968095)
2838| [801488] Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
2839| [801487] Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerability (941693)
2840| [801486] Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)
2841| [801485] Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability (950762)
2842| [801484] Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerability (953733)
2843| [801483] Microsoft Windows Search Remote Code Execution Vulnerability (959349)
2844| [801482] Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)
2845| [801481] Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
2846| [801480] Microsoft Web Services on Devices API Remote Code Execution Vulnerability (973565)
2847| [801479] Microsoft Windows TCP/IP Could Allow Remote Code Execution (974145)
2848| [801457] Microsoft Windows Address Book Insecure Library Loading Vulnerability
2849| [801456] Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
2850| [801349] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability (June-10)
2851| [801348] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability -june 10
2852| [801345] Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
2853| [801344] Microsoft .NET '__VIEWSTATE' Cross-Site Scripting vulnerability
2854| [801342] Microsoft ASP.NET Cross-Site Scripting vulnerability
2855| [801333] Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities
2856| [801330] Microsoft Internet Explorer Cross Site Data Leakage Vulnerability
2857| [801109] Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09
2858| [801090] Microsoft Windows Indeo Codec Multiple Vulnerabilities
2859| [800968] Microsoft SharePoint Team Services Information Disclosure Vulnerability
2860| [800910] Microsoft Internet Explorer Buffer Overflow Vulnerability - Jul09
2861| [800902] Microsoft Internet Explorer XSS Vulnerability - July09
2862| [800872] Microsoft Internet Explorer 'li' Element DoS Vulnerability - Sep09
2863| [800863] Microsoft Internet Explorer XML Document DoS Vulnerability - Aug09
2864| [800862] Microsoft Windows Kernel win32k.sys Privilege Escalation Vulnerability
2865| [800861] Microsoft Internet Explorer 'findText()' Unicode Parsing DoS Vulnerability
2866| [800845] Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
2867| [800829] Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability
2868| [800742] Microsoft Internet Explorer Unspecified vulnerability
2869| [800700] Microsoft GDIPlus PNG Infinite Loop Vulnerability
2870| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
2871| [800669] Microsoft Internet Explorer Denial Of Service Vulnerability - July09
2872| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
2873| [800505] Microsoft HTML Help Workshop buffer overflow vulnerability
2874| [800504] Microsoft Windows XP SP3 denial of service vulnerability
2875| [800481] Microsoft SharePoint Cross Site Scripting Vulnerability
2876| [800480] Microsoft Windows Media Player '.mpg' Buffer Overflow Vulnerability
2877| [800466] Microsoft Windows TLS/SSL Spoofing Vulnerability (977377)
2878| [800461] Microsoft Internet Explorer Information Disclosure Vulnerability (980088)
2879| [800442] Microsoft Windows GP Trap Handler Privilege Escalation Vulnerability
2880| [800429] Microsoft Internet Explorer Remote Code Execution Vulnerability (979352)
2881| [800382] Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability (967340)
2882| [800347] Microsoft Internet Explorer Clickjacking Vulnerability
2883| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
2884| [800337] Microsoft Internet Explorer NULL Pointer DoS Vulnerability
2885| [800332] Microsoft Windows Live Messenger Information Disclosure Vulnerability
2886| [800331] Microsoft Windows Live Messenger Client Version Detection
2887| [800328] Integer Overflow vulnerability in Microsoft Windows Media Player
2888| [800310] Microsoft Windows Media Services nskey.dll ActiveX BOF Vulnerability
2889| [800267] Microsoft GDIPlus Library File Integer Overflow Vulnerability
2890| [800218] Microsoft Money 'prtstb06.dll' Denial of Service vulnerability
2891| [800217] Microsoft Money Version Detection
2892| [800209] Microsoft Internet Explorer Version Detection (Win)
2893| [800208] Microsoft Internet Explorer Anti-XSS Filter Vulnerabilities
2894| [800083] Microsoft Outlook Express Malformed MIME Message DoS Vulnerability
2895| [800082] Microsoft SQL Server sp_replwritetovarbin() BOF Vulnerability
2896| [800023] Microsoft Windows Image Color Management System Code Execution Vulnerability (952954)
2897| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
2898| [102059] Microsoft Windows Vector Markup Language Buffer Overflow (938127)
2899| [102055] Microsoft Windows GDI Multiple Vulnerabilities (925902)
2900| [102053] Microsoft Windows Vector Markup Language Vulnerabilities (929969)
2901| [102015] Microsoft RPC Interface Buffer Overrun (KB824146)
2902| [101100] Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)
2903| [101017] Microsoft MS03-018 security check
2904| [101016] Microsoft MS03-022 security check
2905| [101015] Microsoft MS03-034 security check
2906| [101014] Microsoft MS00-078 security check
2907| [101012] Microsoft MS03-051 security check
2908| [101010] Microsoft Security Bulletin MS05-004
2909| [101009] Microsoft Security Bulletin MS06-033
2910| [101007] Microsoft dotNET version grabber
2911| [101006] Microsoft Security Bulletin MS06-056
2912| [101005] Microsoft Security Bulletin MS07-040
2913| [101004] Microsoft MS04-017 security check
2914| [101003] Microsoft MS00-058 security check
2915| [101000] Microsoft MS00-060 security check
2916| [100950] Microsoft DNS server internal hostname disclosure detection
2917| [100624] Microsoft Windows SMTP Server DNS spoofing vulnerability
2918| [100607] Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability
2919| [100596] Microsoft Windows SMTP Server MX Record Denial of Service Vulnerability
2920| [100283] Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability
2921| [100062] Microsoft Remote Desktop Protocol Detection
2922| [90024] Windows Vulnerability in Microsoft Jet Database Engine
2923| [80007] Microsoft MS00-06 security check
2924| [13752] Denial of Service (DoS) in Microsoft SMS Client
2925| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
2926| [11874] IIS Service Pack - 404
2927| [11808] Microsoft RPC Interface Buffer Overrun (823980)
2928| [11433] Microsoft ISA Server DNS - Denial Of Service (MS03-009)
2929| [11217] Microsoft's SQL Version Query
2930| [11177] Flaw in Microsoft VM Could Allow Code Execution (810030)
2931| [11146] Microsoft RDP flaws could allow sniffing and DOS(Q324380)
2932| [11142] IIS XSS via IDC error
2933| [11067] Microsoft's SQL Hello Overflow
2934| [11003] IIS Possible Compromise
2935| [10993] IIS ASP.NET Application Trace Enabled
2936| [10991] IIS Global.asa Retrieval
2937| [10936] IIS XSS via 404 error
2938| [10862] Microsoft's SQL Server Brute Force
2939| [10755] Microsoft Exchange Public Folders Information Leak
2940| [10732] IIS 5.0 WebDav Memory Leakage
2941| [10699] IIS FrontPage DoS II
2942| [10695] IIS .IDA ISAPI filter applied
2943| [10674] Microsoft's SQL UDP Info Query
2944| [10673] Microsoft's SQL Blank Password
2945| [10671] IIS Remote Command Execution
2946| [10667] IIS 5.0 PROPFIND Vulnerability
2947| [10661] IIS 5 .printer ISAPI filter applied
2948| [10657] NT IIS 5.0 Malformed HTTP Printer Request Header Buffer Overflow Vulnerability
2949| [10585] IIS FrontPage DoS
2950| [10576] Check for dangerous IIS default files
2951| [10575] Check for IIS .cnf file leakage
2952| [10573] IIS 5.0 Sample App reveals physical path of web root
2953| [10572] IIS 5.0 Sample App vulnerable to cross-site scripting attack
2954| [10537] IIS directory traversal
2955| [10492] IIS IDA/IDQ Path Disclosure
2956| [10491] ASP/ASA source using Microsoft Translate f: bug
2957| [10144] Microsoft SQL TCP/IP listener is running
2958|
2959| SecurityTracker - https://www.securitytracker.com:
2960| [1024070] Microsoft Internet Explorer 8 Developer Tools ActiveX Control Memory Corruption Error Lets Remote Users Execute Arbitrary Code
2961| [1027751] Microsoft Internet Information Server (IIS) FTP Server Lets Remote Users Obtain Files and Local Users Obtain Passwords
2962| [1027223] Microsoft IIS Web Server Discloses Potentially Sensitive Information to Remote Users
2963| [1024921] Microsoft IIS FTP Server Lets Remote Users Deny Service
2964| [1024496] Microsoft Internet Information Server (IIS) Web Server Stack Overflow in Reading POST Data Lets Remote Users Deny Service
2965| [1023387] Microsoft Internet Information Services (IIS) Filename Extension Parsing Configuration Error May Let Users Bypass Security Controls
2966| [1022792] Microsoft Internet Information Server (IIS) FTP Server Buffer Overflows Let Remote Authenticated Users Execute Arbitrary Code and Deny Service
2967| [1016466] Microsoft Internet Information Server (IIS) Buffer Overflow in Processing ASP Pages Lets Remote Authenticated Users Execute Arbitrary Code
2968| [1015376] Microsoft IIS Lets Remote Users Deny Service or Execute Arbitrary Code With Malformed HTTP GET Requests
2969| [1015049] Microsoft Internet Explorer Drag-and-Drop Timing May Let Remote Users Install Arbitrary Files
2970| [1014777] Microsoft IIS ASP Error Page May Disclose System Information in Certain Cases
2971| [1011633] Microsoft IIS WebDAV XML Message Handler Error Lets Remote Users Deny Service
2972| [1010692] Microsoft IIS 4.0 Buffer Overflow in Redirect Function Lets Remote Users Execute Arbitrary Code
2973| [1010610] Microsoft IIS Web Server May Disclose Private IP Addresses in Certain Cases
2974| [1010079] Microsoft IIS ASP Script Cookie Processing Flaw May Disclose Application Information to Remote Users
2975| [1008563] Microsoft IIS Fails to Log HTTP TRACK Requests
2976| [1007262] Microsoft IIS 6.0 Vulnerabilities Permit Cross-Site Scripting and Password Changing Attacks Against Administrators
2977| [1007059] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Has Another Buffer Overflow That Lets Remote Execute Arbitrary Code
2978| [1006867] Microsoft IIS Buffer Overflow Lets Remote Users With Upload Privileges Execute Code - Remote Users Can Also Crash the Service
2979| [1006866] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Lets Remote Execute Arbitrary Code
2980| [1006704] Microsoft IIS Authentication Manager Discloses Validity of User Names to Remote Users
2981| [1006305] Microsoft IIS Web Server WebDAV Buffer Overflow Lets Remote Users Execute Arbitrary Code
2982| [1005505] Microsoft Internet Information Server (IIS) Script Access Control Bug May Let Remote Authenticated Users Upload Unauthorized Executable Files
2983| [1005504] Microsoft Internet Information Server (IIS) WebDAV Memory Allocation Flaw Lets Remote Users Crash the Server
2984| [1005503] Microsoft Internet Information Server (IIS) Administrative Pages Allow Cross-Site Scripting Attacks
2985| [1005502] Microsoft Internet Information Server (IIS) Out-of-Process Access Control Bug Lets Certain Authenticated Users Gain Full Control of the Server
2986| [1005083] Microsoft Internet Information Server (IIS) Web Server Fails to Properly Validate Client-side Certificates, Allowing Remote Users to Impersonate Other Users or Certificate Issuers
2987| [1004757] Microsoft IIS SMTP Service Encapsulation Bug Lets Remote Users Relay Mail and Send SPAM Via the Service
2988| [1004646] ColdFusion MX Buffer Overflow When Used With Microsoft Internet Information Server (IIS) Lets Remote Users Crash the IIS Web Server or Execute Arbitrary Code
2989| [1004526] Microsoft Internet Information Server (IIS) Heap Overflow in HTR ISAPI Extension While Processing Chunked Encoded Data Lets Remote Users Execute Arbitrary Code
2990| [1004044] Cisco CallManager Affected by Microsoft Internet Information Server (IIS) Bugs
2991| [1004032] Microsoft Internet Information Server (IIS) FTP STAT Command Bug Lets Remote Users Crash Both the FTP and the Web Services
2992| [1004031] Microsoft Internet Information Server (IIS) URL Length Bug Lets Remote Users Crash the Web Service
2993| [1004011] Microsoft Internet Information Server (IIS) Buffer Overflow in ASP Server-Side Include Function May Let Remote Users Execute Arbitrary Code on the Web Server
2994| [1004006] Microsoft Internet Information Server (IIS) Off-By-One Heap Overflow in .HTR Processing May Let Remote Users Execute Arbitrary Code on the Server
2995| [1003224] Microsoft Internet Information Server (IIS) Version 4 Lets Local Users Modify the Log File Undetected
2996| [1002778] Microsoft Internet Information Server (IIS) Lets Remote Users Create Bogus Web Log Entries
2997| [1002733] Microsoft IIS 4.0 Configuration Error May Allow Remote Users to Obtain Physical Directory Path Information
2998| [1002651] Microsoft Internet Information Server (IIS) May Disclose PHP Scripting Source Code
2999| [1002212] Microsoft IIS Web Server Contains Multiple Vulnerabilities That Allow Local Users to Gain System Privileges and Allow Remote Users to Cause the Web Server to Crash
3000| [1002161] Microsoft Internet Information Server (IIS) Web Server Discloses Internal IP Addresses or NetBIOS Host Names to Remote Users
3001| [1001818] Microsoft Internet Information Server (IIS) Web Server Discloses ASP Source Code When Installed on FAT-based Filesystem
3002| [1001576] eEye Digital Security's SecureIIS Application Firewall for Microsoft Web Servers Fails to Filter Certain Web URL Characters, Allowing Remote Users to Bypass the SecureIIS Firewall
3003| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
3004| [1001530] Microsoft IIS Web Server Allows Remote Users to Execute Commands on the Server Due to CGI Decoding Error
3005| [1001483] Microsoft IIS Web Server Lets Remote Users Restart the Web Server with Another Specially Crafted PROPFIND XML Command
3006| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
3007| [1001402] Microsoft IIS Web Server Can Be Effectively Shutdown By Certain Internal-Network Attacks When The Underlying OS Supports User Account Lockouts
3008| [1001116] Microsoft Personal Web Server Contains An Old Internet Information Server (IIS) Vulnerability Allowing Unauthorized Directory Listings and Possible Code Execution For Remote Users
3009| [1001050] Microsoft IIS 5.0 Web Server Can Be Restarted Remotely By Any User
3010|
3011| OSVDB - http://www.osvdb.org:
3012| [91269] Microsoft Windows 8 TrueType Font (TTF) Handling Unspecified DoS
3013| [65218] Microsoft IE 8 Developer Tools ActiveX Remote Code Execution
3014| [87555] Adobe ColdFusion for Microsoft IIS Unspecified DoS
3015| [87262] Microsoft IIS FTP Command Injection Information Disclosure
3016| [87261] Microsoft IIS Log File Permission Weakness Local Password Disclosure
3017| [86899] Microsoft IIS 302 Redirect Message Internal IP Address Remote Disclosure
3018| [83771] Microsoft IIS Tilde Character Request Parsing File / Folder Name Information Disclosure
3019| [83454] Microsoft IIS ODBC Tool ctguestb.idc Unauthenticated Remote DSN Initialization
3020| [83386] Microsoft IIS Non-existent IDC File Request Web Root Path Disclosure
3021| [82848] Microsoft IIS $INDEX_ALLOCATION Data Stream Request Authentication Bypass
3022| [76237] Microsoft Forefront Unified Access Gateway IIS NULL Session Cookie Parsing Remote DoS
3023| [71856] Microsoft IIS Status Header Handling Remote Overflow
3024| [70167] Microsoft IIS FTP Server Telnet IAC Character Handling Overflow
3025| [67980] Microsoft IIS Unspecified Remote Directory Authentication Bypass
3026| [67979] Microsoft IIS FastCGI Request Header Handling Remote Overflow
3027| [67978] Microsoft IIS Repeated Parameter Request Unspecified Remote DoS
3028| [66160] Microsoft IIS Basic Authentication NTFS Stream Name Permissions Bypass
3029| [65216] Microsoft IIS Extended Protection for Authentication Memory Corruption
3030| [62229] Microsoft IIS Crafted DNS Response Inverse Lookup Log Corruption XSS
3031| [61432] Microsoft IIS Colon Safe Extension NTFS ADS Filename Syntax Arbitrary Remote File Creation
3032| [61294] Microsoft IIS ASP Crafted semicolon Extension Security Bypass
3033| [61249] Microsoft IIS ctss.idc table Parameter SQL Injection
3034| [59892] Microsoft IIS Malformed Host Header Remote DoS
3035| [59621] Microsoft IIS CodeBrws.asp Off-By-One File Check Bypass Source Disclosure
3036| [59561] Microsoft IIS CodeBrws.asp Encoded Traversal Arbitrary File Source Disclosure
3037| [59360] Microsoft IIS ASP Page Visual Basic Script Malformed Regex Parsing DoS
3038| [57753] Microsoft IIS FTP Server Crafted Recursive Listing Remote DoS
3039| [57589] Microsoft IIS FTP Server NLST Command Remote Overflow
3040| [56474] Microsoft IIS WebDAV Extension URL Decode Crafted HTTP Request Authentication Bypass
3041| [55269] Microsoft IIS Traversal GET Request Remote DoS
3042| [54555] Microsoft IIS WebDAV Unicode URI Request Authentication Bypass
3043| [52924] Microsoft IIS WebDAV PROPFIND Method Forced Directory Listing
3044| [52680] Microsoft IIS httpext.dll WebDav LOCK Method Nonexistent File Request Parsing Memory Exhaustion Remote DoS
3045| [52238] Microsoft IIS IDC Extension XSS
3046| [49899] Microsoft IIS iissext.dll Unspecified ActiveX SetPassword Method Remote Password Manipulation
3047| [49730] Microsoft IIS ActiveX (adsiis.dll) GetObject Method Remote DoS
3048| [49059] Microsoft IIS IPP Service Unspecified Remote Overflow
3049| [45583] Microsoft IIS w/ Visual Interdev Unspecified Authentication Bypass
3050| [43451] Microsoft IIS HTTP Request Smuggling
3051| [41456] Microsoft IIS File Change Handling Local Privilege Escalation
3052| [41445] Microsoft IIS ASP Web Page Input Unspecified Arbitrary Code Execution
3053| [41091] Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass
3054| [41063] Microsoft IIS ODBC Tool newdsn.exe Remote DSN Creation
3055| [41057] Microsoft IIS w/ .NET MS-DOS Device Request Blacklist Bypass
3056| [35950] Microsoft IIS IUSR_Machine Account Arbitrary Non-EXE Command Execution
3057| [33457] Microsoft IIS Crafted TCP Connection Range Header DoS
3058| [28260] Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure
3059| [27152] Microsoft Windows IIS ASP Page Processing Overflow
3060| [27087] Microsoft IIS SMTP Encapsulated SMTP Address Open Relay
3061| [23590] Microsoft IIS Traversal Arbitrary FPSE File Access
3062| [21805] Microsoft IIS Crafted URL Remote DoS
3063| [21537] Microsoft IIS Log File Permission Weakness Remote Modification
3064| [18926] Microsoft IIS SERVER_NAME Variable Spoofing Filter Bypass
3065| [17124] Microsoft IIS Malformed WebDAV Request DoS
3066| [17123] Microsoft IIS Multiple Unspecified Admin Pages XSS
3067| [17122] Microsoft IIS Permission Weakness .COM File Upload
3068| [15749] Microsoft IIS / Site Server code.asp Arbitrary File Access
3069| [15342] Microsoft IIS Persistent FTP Banner Information Disclosure
3070| [14229] Microsoft IIS asp.dll Scripting.FileSystemObject Malformed Program DoS
3071| [13985] Microsoft IIS Malformed HTTP Request Log Entry Spoofing
3072| [13760] Microsoft IIS Malformed URL Request DoS
3073| [13759] Microsoft IIS ISAPI .ASP Parser Script Tag LANGUAGE Argument Overflow
3074| [13634] Microsoft IIS Inetinfo.exe Malformed Long Mail File Name DoS
3075| [13558] Microsoft IIS SSL Request Resource Exhaustion DoS
3076| [13507] Microsoft IIS showfile.asp FileSystemObject Arbitrary File Access
3077| [13479] Microsoft IIS for Far East Parsed Page Source Disclosure
3078| [13473] Microsoft IIS on FAT Partition Local ASP Source Disclosure
3079| [13439] Microsoft IIS HTTP Request Malformed Content-Length Parsing Remote DoS
3080| [13433] Microsoft IIS WebDAV MKCOL Method Location Server Header Internal IP Disclosure
3081| [13432] Microsoft IIS WebDAV WRITE Location Server Header Internal IP Disclosure
3082| [13431] Microsoft IIS WebDAV Malformed PROPFIND Request Internal IP Disclosure
3083| [13430] Microsoft IIS aexp4.htr Password Policy Bypass
3084| [13429] Microsoft IIS aexp3.htr Password Policy Bypass
3085| [13428] Microsoft IIS aexp2b.htr Password Policy Bypass
3086| [13427] Microsoft IIS aexp2.htr Password Policy Bypass
3087| [13426] Microsoft IIS NTLM Authentication Request Parsing Remote Information Disclosure
3088| [13385] Microsoft IIS WebDAV Long PROPFIND/SEARCH Request DoS
3089| [11455] Microsoft IIS / PWS DOS Filename Request Access Bypass
3090| [11452] Microsoft IIS Double Byte Code Arbitrary Source Disclosure
3091| [11277] Microsoft IIS SSL ISAPI Filter Cleartext Information Disclosure
3092| [11257] Microsoft IIS Malformed GET Request DoS
3093| [11157] Microsoft IIS FTP Service PASV Connection Saturation DoS
3094| [11101] Microsoft IIS Multiple Slash ASP Page Request DoS
3095| [9315] Microsoft IIS getdrvs.exe ODBC Sample Information Disclosure
3096| [9314] Microsoft IIS mkilog.exe ODBC Sample Arbitrary Command Execution
3097| [9200] Microsoft IIS Unspecified XSS Variant
3098| [9199] Microsoft IIS shtml.dll XSS
3099| [8098] Microsoft IIS Virtual Directory ASP Source Disclosure
3100| [7807] Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure
3101| [7737] Microsoft IIS ASP Redirection Function XSS
3102| [7265] Microsoft IIS .ASP Session ID Disclosure and Hijacking
3103| [5851] Microsoft IIS Single Dot Source Code Disclosure
3104| [5736] Microsoft IIS Relative Path System Privilege Escalation
3105| [5693] Microsoft MS00-060 Patch IIS Malformed Request DoS
3106| [5633] Microsoft IIS Invalid WebDAV Request DoS
3107| [5606] Microsoft IIS WebDAV PROPFIND Request DoS
3108| [5584] Microsoft IIS URL Redirection Malformed Length DoS
3109| [5566] Microsoft IIS Form_VBScript.asp XSS
3110| [5316] Microsoft IIS ISAPI HTR Chunked Encoding Overflow
3111| [4864] Microsoft IIS TRACK Logging Failure
3112| [4863] Microsoft IIS Active Server Page Header DoS
3113| [4791] Microsoft IIS Response Object DoS
3114| [4655] Microsoft IIS ssinc.dll Long Filename Overflow
3115| [4535] Microsoft Media Services ISAPI nsiislog.dll POST Overflow
3116| [3512] Microsoft IIS ODBC Tool getdrvrs.exe Remote DSN Creation
3117| [3500] Microsoft IIS fpcount.exe Remote Overflow
3118| [3341] Microsoft IIS Redirect Response XSS
3119| [3339] Microsoft IIS HTTP Error Page XSS
3120| [3338] Microsoft IIS Help File XSS
3121| [3328] Microsoft IIS FTP Status Request DoS
3122| [3326] Microsoft IIS w3svc.dll ISAPI Filter URL Handling Remote DoS
3123| [3325] Microsoft IIS HTR ISAPI Overflow
3124| [3323] Microsoft IIS ISAPI .printer Extension Host Header Overflow
3125| [3320] Microsoft IIS ASP Server-Side Include Buffer Overflow
3126| [3316] Microsoft IIS HTTP Header Field Delimiter Overflow
3127| [3301] Microsoft IIS ASP Chunked Encoding Variant Heap Overflow
3128| [3284] Microsoft IIS Winmsdp.exe Arbitrary File Retrieval
3129| [3231] Microsoft IIS Log Bypass
3130| [2106] Microsoft Media Services ISAPI nsiislog.dll Overflow
3131| [1931] Microsoft IIS MIME Content-Type Header DoS
3132| [1930] Microsoft IIS SSI ssinc.dll Filename Handling Overflow
3133| [1826] Microsoft IIS Domain Guest Account Disclosure
3134| [1824] Microsoft IIS FTP DoS
3135| [1804] Microsoft IIS Long Request Parsing Remote DoS
3136| [1770] Microsoft IIS WebDAV Malformed PROPFIND Request Remote DoS
3137| [1750] Microsoft IIS File Fragment Disclosure
3138| [1543] Microsoft NT/IIS Invalid URL Request DoS
3139| [1504] Microsoft IIS File Permission Canonicalization Bypass
3140| [1465] Microsoft IIS .htr Missing Variable DoS
3141| [1325] Microsoft IIS Malformed Filename Request File Fragment Disclosure
3142| [1322] Microsoft IIS Malformed .htr Request DoS
3143| [1281] Microsoft IIS Escaped Character Saturation Remote DoS
3144| [1261] Microsoft IIS Chunked Transfer Encoding Remote Overflow DoS
3145| [1210] Microsoft IIS WebHits.dll ISAPI Filter Traversal Arbitrary File Access
3146| [1170] Microsoft IIS Escape Character URL Access Bypass
3147| [1083] Microsoft IIS FTP NO ACCESS Read/Delete File
3148| [1082] Microsoft IIS Domain Resolution Access Bypass
3149| [1041] Microsoft IIS Malformed HTTP Request Header DoS
3150| [1020] Microsoft IIS ISAPI GetExtensionVersion() Privilege Escalation
3151| [930] Microsoft IIS Shared ASP Cache Information Disclosure
3152| [929] Microsoft IIS FTP Server NLST Command Overflow
3153| [928] Microsoft IIS Long Request Log Evasion
3154| [815] Microsoft IIS ASP.NET trace.axd Application Tracing Information Disclosure
3155| [814] Microsoft IIS global.asa Remote Information Disclosure
3156| [782] Microsoft IIS / Site Server codebrws.asp Arbitrary File Access
3157| [771] Microsoft IIS Hosting Process (dllhost.exe) Out of Process Application Unspecified Privilege Escalation
3158| [768] Microsoft IIS ASP Chunked Encoding Heap Overflow
3159| [636] Microsoft IIS sqlqhit.asp Sample Script CiScope Parameter Information Disclosure
3160| [630] Microsoft IIS Multiple Malformed Header Field Internal IP Address Disclosure
3161| [568] Microsoft IIS idq.dll IDA/IDQ ISAPI Remote Overflow
3162| [564] Microsoft IIS ISM.dll Fragmented Source Disclosure
3163| [556] Microsoft IIS/PWS Encoded Filename Arbitrary Command Execution
3164| [525] Microsoft IIS Webserver Invalid Filename Request Arbitrary Command Execution
3165| [482] Microsoft IIS FrontPage Server Extensions (FPSE) Malformed Form DoS
3166| [475] Microsoft IIS bdir.htr Arbitrary Directory Listing
3167| [474] Microsoft IIS / Site Server viewcode.asp Arbitrary File Access
3168| [473] Microsoft IIS Multiple .cnf File Information Disclosure
3169| [471] Microsoft IIS ServerVariables_Jscript.asp Path Disclosure
3170| [470] Microsoft IIS Form_JScript.asp XSS
3171| [463] Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow
3172| [436] Microsoft IIS Unicode Remote Command Execution
3173| [425] Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing
3174| [391] Microsoft IIS IDA/IDQ Document Root Path Disclosure
3175| [390] Microsoft IIS Translate f: Request ASP Source Disclosure
3176| [308] Microsoft IIS Malformed File Extension URL DoS
3177| [285] Microsoft IIS repost.asp File Upload
3178| [284] Microsoft IIS IISADMPWD Virtual Directory Information Enumeration
3179| [283] Microsoft IIS /iissamples Multiple Sample Scripts Installed
3180| [277] Microsoft IIS / PWS %2e Request ASP Source Disclosure
3181| [276] Microsoft IIS ASP::$DATA Stream Request ASP Source Disclosure
3182| [275] Microsoft IIS newdsn.exe Remote Arbitrary File Creation
3183| [274] Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution
3184| [273] Microsoft IIS Upgrade ism.dll Local Privilege Escalation
3185| [272] Microsoft IIS MDAC RDS Arbitrary Remote Command Execution
3186| [271] Microsoft IIS WebHits null.htw .asp Source Disclosure
3187| [98] Microsoft IIS perl.exe HTTP Path Disclosure
3188| [97] Microsoft IIS ISM.DLL HTR Request Overflow
3189| [96] Microsoft IIS idq.dll Traversal Arbitrary File Access
3190| [7] Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access
3191| [4] Microsoft IIS ExAir advsearch.asp Direct Request Remote DoS
3192| [3] Microsoft IIS ExAir query.asp Direct Request Remote DoS
3193| [2] Microsoft IIS ExAir search.asp Direct Request DoS
3194|_
3195Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3196OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
3197No OS matches for host
3198Network Distance: 10 hops
3199Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
3200
3201TRACEROUTE (using port 80/tcp)
3202HOP RTT ADDRESS
32031 262.37 ms 10.238.204.1
32042 262.44 ms 45.131.4.3
32053 262.43 ms 109.236.95.230
32064 262.47 ms 109.236.95.167
32075 262.49 ms ae3.amster51.ams.seabone.net (195.22.213.126)
32086 367.84 ms et1-1-2.istanbul1.ist.seabone.net (93.186.132.165)
32097 367.87 ms superonline.istanbul1.ist.seabone.net (93.186.132.155)
32108 ... 9
321110 162.09 ms 2.58.141.20
3212
3213NSE: Script Post-scanning.
3214Initiating NSE at 22:57
3215Completed NSE at 22:57, 0.00s elapsed
3216Initiating NSE at 22:57
3217Completed NSE at 22:57, 0.00s elapsed
3218#######################################################################################################################################
3219------------------------------------------------------------------------------------------------------------------------
3220
3221[ ! ] Starting SCANNER INURLBR 2.1 at [17-10-2019 22:58:15]
3222[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
3223It is the end user's responsibility to obey all applicable local, state and federal laws.
3224Developers assume no liability and are not responsible for any misuse or damage caused by this program
3225
3226[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.samsun.gov.tr/output/inurlbr-www.samsun.gov.tr ]
3227[ INFO ][ DORK ]::[ site:www.samsun.gov.tr ]
3228[ INFO ][ SEARCHING ]:: {
3229[ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.mx ]
3230
3231[ INFO ][ SEARCHING ]::
3232-[:::]
3233[ INFO ][ ENGINE ]::[ GOOGLE API ]
3234
3235[ INFO ][ SEARCHING ]::
3236-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
3237[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.mg ID: 012984904789461885316:oy3-mu17hxk ]
3238
3239[ INFO ][ SEARCHING ]::
3240-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
3241
3242[ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]
3243
3244
3245 _[ - ]::--------------------------------------------------------------------------------------------------------------
3246|_[ + ] [ 0 / 100 ]-[22:58:36] [ - ]
3247|_[ + ] Target:: [ http://www.samsun.gov.tr/ ]
3248|_[ + ] Exploit::
3249|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3250|_[ + ] More details:: / - / , ISP:
3251|_[ + ] Found:: UNIDENTIFIED
3252
3253 _[ - ]::--------------------------------------------------------------------------------------------------------------
3254|_[ + ] [ 1 / 100 ]-[22:58:39] [ - ]
3255|_[ + ] Target:: [ http://www.samsun.gov.tr/19 ]
3256|_[ + ] Exploit::
3257|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3258|_[ + ] More details:: / - / , ISP:
3259|_[ + ] Found:: UNIDENTIFIED
3260
3261 _[ - ]::--------------------------------------------------------------------------------------------------------------
3262|_[ + ] [ 2 / 100 ]-[22:58:42] [ - ]
3263|_[ + ] Target:: [ http://www.samsun.gov.tr/sehit ]
3264|_[ + ] Exploit::
3265|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3266|_[ + ] More details:: / - / , ISP:
3267|_[ + ] Found:: UNIDENTIFIED
3268
3269 _[ - ]::--------------------------------------------------------------------------------------------------------------
3270|_[ + ] [ 3 / 100 ]-[22:58:45] [ - ]
3271|_[ + ] Target:: [ http://www.samsun.gov.tr/j ]
3272|_[ + ] Exploit::
3273|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3274|_[ + ] More details:: / - / , ISP:
3275|_[ + ] Found:: UNIDENTIFIED
3276
3277 _[ - ]::--------------------------------------------------------------------------------------------------------------
3278|_[ + ] [ 4 / 100 ]-[22:58:47] [ - ]
3279|_[ + ] Target:: [ http://www.samsun.gov.tr/yikob ]
3280|_[ + ] Exploit::
3281|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3282|_[ + ] More details:: / - / , ISP:
3283|_[ + ] Found:: UNIDENTIFIED
3284
3285 _[ - ]::--------------------------------------------------------------------------------------------------------------
3286|_[ + ] [ 5 / 100 ]-[22:58:50] [ - ]
3287|_[ + ] Target:: [ http://www.samsun.gov.tr/5 ]
3288|_[ + ] Exploit::
3289|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3290|_[ + ] More details:: / - / , ISP:
3291|_[ + ] Found:: UNIDENTIFIED
3292
3293 _[ - ]::--------------------------------------------------------------------------------------------------------------
3294|_[ + ] [ 6 / 100 ]-[22:58:53] [ - ]
3295|_[ + ] Target:: [ http://www.samsun.gov.tr/sayginligimiz-artti ]
3296|_[ + ] Exploit::
3297|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3298|_[ + ] More details:: / - / , ISP:
3299|_[ + ] Found:: UNIDENTIFIED
3300
3301 _[ - ]::--------------------------------------------------------------------------------------------------------------
3302|_[ + ] [ 7 / 100 ]-[22:58:55] [ - ]
3303|_[ + ] Target:: [ http://www.samsun.gov.tr/genelge-20167 ]
3304|_[ + ] Exploit::
3305|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3306|_[ + ] More details:: / - / , ISP:
3307|_[ + ] Found:: UNIDENTIFIED
3308
3309 _[ - ]::--------------------------------------------------------------------------------------------------------------
3310|_[ + ] [ 8 / 100 ]-[22:58:58] [ - ]
3311|_[ + ] Target:: [ http://www.samsun.gov.tr/basin-duyurusu1 ]
3312|_[ + ] Exploit::
3313|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3314|_[ + ] More details:: / - / , ISP:
3315|_[ + ] Found:: UNIDENTIFIED
3316
3317 _[ - ]::--------------------------------------------------------------------------------------------------------------
3318|_[ + ] [ 9 / 100 ]-[22:59:01] [ - ]
3319|_[ + ] Target:: [ http://www.samsun.gov.tr/basvuru-yollari ]
3320|_[ + ] Exploit::
3321|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3322|_[ + ] More details:: / - / , ISP:
3323|_[ + ] Found:: UNIDENTIFIED
3324
3325 _[ - ]::--------------------------------------------------------------------------------------------------------------
3326|_[ + ] [ 10 / 100 ]-[22:59:04] [ - ]
3327|_[ + ] Target:: [ http://www.samsun.gov.tr/samsun-platforumu ]
3328|_[ + ] Exploit::
3329|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3330|_[ + ] More details:: / - / , ISP:
3331|_[ + ] Found:: UNIDENTIFIED
3332
3333 _[ - ]::--------------------------------------------------------------------------------------------------------------
3334|_[ + ] [ 11 / 100 ]-[22:59:07] [ - ]
3335|_[ + ] Target:: [ http://www.samsun.gov.tr/son-dakika ]
3336|_[ + ] Exploit::
3337|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3338|_[ + ] More details:: / - / , ISP:
3339|_[ + ] Found:: UNIDENTIFIED
3340
3341 _[ - ]::--------------------------------------------------------------------------------------------------------------
3342|_[ + ] [ 12 / 100 ]-[22:59:10] [ - ]
3343|_[ + ] Target:: [ http://www.samsun.gov.tr/-2 ]
3344|_[ + ] Exploit::
3345|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3346|_[ + ] More details:: / - / , ISP:
3347|_[ + ] Found:: UNIDENTIFIED
3348
3349 _[ - ]::--------------------------------------------------------------------------------------------------------------
3350|_[ + ] [ 13 / 100 ]-[22:59:13] [ - ]
3351|_[ + ] Target:: [ http://www.samsun.gov.tr/valilikanasayfa ]
3352|_[ + ] Exploit::
3353|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3354|_[ + ] More details:: / - / , ISP:
3355|_[ + ] Found:: UNIDENTIFIED
3356
3357 _[ - ]::--------------------------------------------------------------------------------------------------------------
3358|_[ + ] [ 14 / 100 ]-[22:59:16] [ - ]
3359|_[ + ] Target:: [ http://www.samsun.gov.tr/salipazari ]
3360|_[ + ] Exploit::
3361|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3362|_[ + ] More details:: / - / , ISP:
3363|_[ + ] Found:: UNIDENTIFIED
3364
3365 _[ - ]::--------------------------------------------------------------------------------------------------------------
3366|_[ + ] [ 15 / 100 ]-[22:59:19] [ - ]
3367|_[ + ] Target:: [ http://www.samsun.gov.tr/s ]
3368|_[ + ] Exploit::
3369|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3370|_[ + ] More details:: / - / , ISP:
3371|_[ + ] Found:: UNIDENTIFIED
3372
3373 _[ - ]::--------------------------------------------------------------------------------------------------------------
3374|_[ + ] [ 16 / 100 ]-[22:59:22] [ - ]
3375|_[ + ] Target:: [ http://www.samsun.gov.tr/tesekkur0 ]
3376|_[ + ] Exploit::
3377|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3378|_[ + ] More details:: / - / , ISP:
3379|_[ + ] Found:: UNIDENTIFIED
3380
3381 _[ - ]::--------------------------------------------------------------------------------------------------------------
3382|_[ + ] [ 17 / 100 ]-[22:59:24] [ - ]
3383|_[ + ] Target:: [ http://www.samsun.gov.tr/duyurular ]
3384|_[ + ] Exploit::
3385|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3386|_[ + ] More details:: / - / , ISP:
3387|_[ + ] Found:: UNIDENTIFIED
3388
3389 _[ - ]::--------------------------------------------------------------------------------------------------------------
3390|_[ + ] [ 18 / 100 ]-[22:59:29] [ - ]
3391|_[ + ] Target:: [ http://www.samsun.gov.tr/tekkekoy ]
3392|_[ + ] Exploit::
3393|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3394|_[ + ] More details:: / - / , ISP:
3395|_[ + ] Found:: UNIDENTIFIED
3396
3397 _[ - ]::--------------------------------------------------------------------------------------------------------------
3398|_[ + ] [ 19 / 100 ]-[22:59:32] [ - ]
3399|_[ + ] Target:: [ http://www.samsun.gov.tr/ayvacik ]
3400|_[ + ] Exploit::
3401|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3402|_[ + ] More details:: / - / , ISP:
3403|_[ + ] Found:: UNIDENTIFIED
3404
3405 _[ - ]::--------------------------------------------------------------------------------------------------------------
3406|_[ + ] [ 20 / 100 ]-[22:59:35] [ - ]
3407|_[ + ] Target:: [ http://www.samsun.gov.tr/tabiat-bosluk-sevmez ]
3408|_[ + ] Exploit::
3409|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3410|_[ + ] More details:: / - / , ISP:
3411|_[ + ] Found:: UNIDENTIFIED
3412
3413 _[ - ]::--------------------------------------------------------------------------------------------------------------
3414|_[ + ] [ 21 / 100 ]-[22:59:38] [ - ]
3415|_[ + ] Target:: [ http://www.samsun.gov.tr/haberler ]
3416|_[ + ] Exploit::
3417|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3418|_[ + ] More details:: / - / , ISP:
3419|_[ + ] Found:: UNIDENTIFIED
3420
3421 _[ - ]::--------------------------------------------------------------------------------------------------------------
3422|_[ + ] [ 22 / 100 ]-[22:59:41] [ - ]
3423|_[ + ] Target:: [ http://www.samsun.gov.tr/19mayis ]
3424|_[ + ] Exploit::
3425|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3426|_[ + ] More details:: / - / , ISP:
3427|_[ + ] Found:: UNIDENTIFIED
3428
3429 _[ - ]::--------------------------------------------------------------------------------------------------------------
3430|_[ + ] [ 23 / 100 ]-[22:59:44] [ - ]
3431|_[ + ] Target:: [ http://www.samsun.gov.tr/sehrimiz ]
3432|_[ + ] Exploit::
3433|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3434|_[ + ] More details:: / - / , ISP:
3435|_[ + ] Found:: UNIDENTIFIED
3436
3437 _[ - ]::--------------------------------------------------------------------------------------------------------------
3438|_[ + ] [ 24 / 100 ]-[22:59:47] [ - ]
3439|_[ + ] Target:: [ http://www.samsun.gov.tr/carsamba ]
3440|_[ + ] Exploit::
3441|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3442|_[ + ] More details:: / - / , ISP:
3443|_[ + ] Found:: UNIDENTIFIED
3444
3445 _[ - ]::--------------------------------------------------------------------------------------------------------------
3446|_[ + ] [ 25 / 100 ]-[22:59:50] [ - ]
3447|_[ + ] Target:: [ http://www.samsun.gov.tr/00 ]
3448|_[ + ] Exploit::
3449|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3450|_[ + ] More details:: / - / , ISP:
3451|_[ + ] Found:: UNIDENTIFIED
3452
3453 _[ - ]::--------------------------------------------------------------------------------------------------------------
3454|_[ + ] [ 26 / 100 ]-[22:59:53] [ - ]
3455|_[ + ] Target:: [ http://www.samsun.gov.tr/yoneticilerimiz ]
3456|_[ + ] Exploit::
3457|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3458|_[ + ] More details:: / - / , ISP:
3459|_[ + ] Found:: UNIDENTIFIED
3460
3461 _[ - ]::--------------------------------------------------------------------------------------------------------------
3462|_[ + ] [ 27 / 100 ]-[22:59:56] [ - ]
3463|_[ + ] Target:: [ http://www.samsun.gov.tr/iletisim2 ]
3464|_[ + ] Exploit::
3465|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3466|_[ + ] More details:: / - / , ISP:
3467|_[ + ] Found:: UNIDENTIFIED
3468
3469 _[ - ]::--------------------------------------------------------------------------------------------------------------
3470|_[ + ] [ 28 / 100 ]-[22:59:58] [ - ]
3471|_[ + ] Target:: [ http://www.samsun.gov.tr/asarcik ]
3472|_[ + ] Exploit::
3473|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3474|_[ + ] More details:: / - / , ISP:
3475|_[ + ] Found:: UNIDENTIFIED
3476
3477 _[ - ]::--------------------------------------------------------------------------------------------------------------
3478|_[ + ] [ 29 / 100 ]-[23:00:01] [ - ]
3479|_[ + ] Target:: [ http://www.samsun.gov.tr/ilkadim ]
3480|_[ + ] Exploit::
3481|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3482|_[ + ] More details:: / - / , ISP:
3483|_[ + ] Found:: UNIDENTIFIED
3484
3485 _[ - ]::--------------------------------------------------------------------------------------------------------------
3486|_[ + ] [ 30 / 100 ]-[23:00:04] [ - ]
3487|_[ + ] Target:: [ http://www.samsun.gov.tr/0- ]
3488|_[ + ] Exploit::
3489|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3490|_[ + ] More details:: / - / , ISP:
3491|_[ + ] Found:: UNIDENTIFIED
3492
3493 _[ - ]::--------------------------------------------------------------------------------------------------------------
3494|_[ + ] [ 31 / 100 ]-[23:00:07] [ - ]
3495|_[ + ] Target:: [ http://www.samsun.gov.tr/ilcelerimiz ]
3496|_[ + ] Exploit::
3497|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3498|_[ + ] More details:: / - / , ISP:
3499|_[ + ] Found:: UNIDENTIFIED
3500
3501 _[ - ]::--------------------------------------------------------------------------------------------------------------
3502|_[ + ] [ 32 / 100 ]-[23:00:10] [ - ]
3503|_[ + ] Target:: [ http://www.samsun.gov.tr/dosyalar ]
3504|_[ + ] Exploit::
3505|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3506|_[ + ] More details:: / - / , ISP:
3507|_[ + ] Found:: UNIDENTIFIED
3508
3509 _[ - ]::--------------------------------------------------------------------------------------------------------------
3510|_[ + ] [ 33 / 100 ]-[23:00:13] [ - ]
3511|_[ + ] Target:: [ http://www.samsun.gov.tr/duyurugenel1 ]
3512|_[ + ] Exploit::
3513|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3514|_[ + ] More details:: / - / , ISP:
3515|_[ + ] Found:: UNIDENTIFIED
3516
3517 _[ - ]::--------------------------------------------------------------------------------------------------------------
3518|_[ + ] [ 34 / 100 ]-[23:00:16] [ - ]
3519|_[ + ] Target:: [ http://www.samsun.gov.tr/alacam ]
3520|_[ + ] Exploit::
3521|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3522|_[ + ] More details:: / - / , ISP:
3523|_[ + ] Found:: UNIDENTIFIED
3524
3525 _[ - ]::--------------------------------------------------------------------------------------------------------------
3526|_[ + ] [ 35 / 100 ]-[23:00:19] [ - ]
3527|_[ + ] Target:: [ http://www.samsun.gov.tr/tesekkur00 ]
3528|_[ + ] Exploit::
3529|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3530|_[ + ] More details:: / - / , ISP:
3531|_[ + ] Found:: UNIDENTIFIED
3532
3533 _[ - ]::--------------------------------------------------------------------------------------------------------------
3534|_[ + ] [ 36 / 100 ]-[23:00:22] [ - ]
3535|_[ + ] Target:: [ http://www.samsun.gov.tr/-- ]
3536|_[ + ] Exploit::
3537|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3538|_[ + ] More details:: / - / , ISP:
3539|_[ + ] Found:: UNIDENTIFIED
3540
3541 _[ - ]::--------------------------------------------------------------------------------------------------------------
3542|_[ + ] [ 37 / 100 ]-[23:00:25] [ - ]
3543|_[ + ] Target:: [ http://www.samsun.gov.tr/atakum ]
3544|_[ + ] Exploit::
3545|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3546|_[ + ] More details:: / - / , ISP:
3547|_[ + ] Found:: UNIDENTIFIED
3548
3549 _[ - ]::--------------------------------------------------------------------------------------------------------------
3550|_[ + ] [ 38 / 100 ]-[23:00:26] [ - ]
3551|_[ + ] Target:: [ http://www.samsun.gov.tr/yelleme ]
3552|_[ + ] Exploit::
3553|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3554|_[ + ] More details:: / - / , ISP:
3555|_[ + ] Found:: UNIDENTIFIED
3556
3557 _[ - ]::--------------------------------------------------------------------------------------------------------------
3558|_[ + ] [ 39 / 100 ]-[23:00:29] [ - ]
3559|_[ + ] Target:: [ http://www.samsun.gov.tr/oncelik-hayatin-oncelik-yayanin ]
3560|_[ + ] Exploit::
3561|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3562|_[ + ] More details:: / - / , ISP:
3563|_[ + ] Found:: UNIDENTIFIED
3564
3565 _[ - ]::--------------------------------------------------------------------------------------------------------------
3566|_[ + ] [ 40 / 100 ]-[23:00:32] [ - ]
3567|_[ + ] Target:: [ http://www.samsun.gov.tr/saglikta-siddeti-ret-ediyoruz ]
3568|_[ + ] Exploit::
3569|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3570|_[ + ] More details:: / - / , ISP:
3571|_[ + ] Found:: UNIDENTIFIED
3572
3573 _[ - ]::--------------------------------------------------------------------------------------------------------------
3574|_[ + ] [ 41 / 100 ]-[23:00:35] [ - ]
3575|_[ + ] Target:: [ http://www.samsun.gov.tr/bu-halka-hizmet-ayricaliktir ]
3576|_[ + ] Exploit::
3577|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3578|_[ + ] More details:: / - / , ISP:
3579|_[ + ] Found:: UNIDENTIFIED
3580
3581 _[ - ]::--------------------------------------------------------------------------------------------------------------
3582|_[ + ] [ 42 / 100 ]-[23:00:37] [ - ]
3583|_[ + ] Target:: [ http://www.samsun.gov.tr/ilkadimin-simgesi-bandirma-gemisi ]
3584|_[ + ] Exploit::
3585|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3586|_[ + ] More details:: / - / , ISP:
3587|_[ + ] Found:: UNIDENTIFIED
3588
3589 _[ - ]::--------------------------------------------------------------------------------------------------------------
3590|_[ + ] [ 43 / 100 ]-[23:00:40] [ - ]
3591|_[ + ] Target:: [ http://www.samsun.gov.tr/medikum-hamlesini-samsunda-baslatiyoruz ]
3592|_[ + ] Exploit::
3593|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3594|_[ + ] More details:: / - / , ISP:
3595|_[ + ] Found:: UNIDENTIFIED
3596
3597 _[ - ]::--------------------------------------------------------------------------------------------------------------
3598|_[ + ] [ 44 / 100 ]-[23:00:43] [ - ]
3599|_[ + ] Target:: [ http://www.samsun.gov.tr/ogullariniz-bizim-goz-bebeklerimizmdir ]
3600|_[ + ] Exploit::
3601|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3602|_[ + ] More details:: / - / , ISP:
3603|_[ + ] Found:: UNIDENTIFIED
3604
3605 _[ - ]::--------------------------------------------------------------------------------------------------------------
3606|_[ + ] [ 45 / 100 ]-[23:00:46] [ - ]
3607|_[ + ] Target:: [ http://www.samsun.gov.tr/bizler-bayburt-kokenli-samsunlulariz ]
3608|_[ + ] Exploit::
3609|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3610|_[ + ] More details:: / - / , ISP:
3611|_[ + ] Found:: UNIDENTIFIED
3612
3613 _[ - ]::--------------------------------------------------------------------------------------------------------------
3614|_[ + ] [ 46 / 100 ]-[23:00:49] [ - ]
3615|_[ + ] Target:: [ http://www.samsun.gov.tr/tek-istedigimiz-yaslilarin-dualaridir ]
3616|_[ + ] Exploit::
3617|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3618|_[ + ] More details:: / - / , ISP:
3619|_[ + ] Found:: UNIDENTIFIED
3620
3621 _[ - ]::--------------------------------------------------------------------------------------------------------------
3622|_[ + ] [ 47 / 100 ]-[23:00:53] [ - ]
3623|_[ + ] Target:: [ http://www.samsun.gov.tr/samsun-bu-bolgenin-yildizidir ]
3624|_[ + ] Exploit::
3625|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3626|_[ + ] More details:: / - / , ISP:
3627|_[ + ] Found:: UNIDENTIFIED
3628
3629 _[ - ]::--------------------------------------------------------------------------------------------------------------
3630|_[ + ] [ 48 / 100 ]-[23:00:55] [ - ]
3631|_[ + ] Target:: [ http://www.samsun.gov.tr/yayla-evlerinde-erzak-birakmayiniz ]
3632|_[ + ] Exploit::
3633|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3634|_[ + ] More details:: / - / , ISP:
3635|_[ + ] Found:: UNIDENTIFIED
3636
3637 _[ - ]::--------------------------------------------------------------------------------------------------------------
3638|_[ + ] [ 49 / 100 ]-[23:00:58] [ - ]
3639|_[ + ] Target:: [ http://www.samsun.gov.tr/15-temmuz-unutulmamali-unutulmayacak ]
3640|_[ + ] Exploit::
3641|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3642|_[ + ] More details:: / - / , ISP:
3643|_[ + ] Found:: UNIDENTIFIED
3644
3645 _[ - ]::--------------------------------------------------------------------------------------------------------------
3646|_[ + ] [ 50 / 100 ]-[23:01:01] [ - ]
3647|_[ + ] Target:: [ http://www.samsun.gov.tr/kurban-bayrami-tedbirleri-alindi ]
3648|_[ + ] Exploit::
3649|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3650|_[ + ] More details:: / - / , ISP:
3651|_[ + ] Found:: UNIDENTIFIED
3652
3653 _[ - ]::--------------------------------------------------------------------------------------------------------------
3654|_[ + ] [ 51 / 100 ]-[23:01:04] [ - ]
3655|_[ + ] Target:: [ http://www.samsun.gov.tr/ozel-hastaneler-bizim-zenginligimiz ]
3656|_[ + ] Exploit::
3657|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3658|_[ + ] More details:: / - / , ISP:
3659|_[ + ] Found:: UNIDENTIFIED
3660
3661 _[ - ]::--------------------------------------------------------------------------------------------------------------
3662|_[ + ] [ 52 / 100 ]-[23:01:07] [ - ]
3663|_[ + ] Target:: [ http://www.samsun.gov.tr/egitimde-isbirligi-protokolu-imzalandi ]
3664|_[ + ] Exploit::
3665|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3666|_[ + ] More details:: / - / , ISP:
3667|_[ + ] Found:: UNIDENTIFIED
3668
3669 _[ - ]::--------------------------------------------------------------------------------------------------------------
3670|_[ + ] [ 53 / 100 ]-[23:01:10] [ - ]
3671|_[ + ] Target:: [ http://www.samsun.gov.tr/yavrularimizin-gelecekleri-aydinlik-olsun ]
3672|_[ + ] Exploit::
3673|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3674|_[ + ] More details:: / - / , ISP:
3675|_[ + ] Found:: UNIDENTIFIED
3676
3677 _[ - ]::--------------------------------------------------------------------------------------------------------------
3678|_[ + ] [ 54 / 100 ]-[23:01:13] [ - ]
3679|_[ + ] Target:: [ http://www.samsun.gov.tr/erzagini-yaylada-birakma-duyuru ]
3680|_[ + ] Exploit::
3681|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3682|_[ + ] More details:: / - / , ISP:
3683|_[ + ] Found:: UNIDENTIFIED
3684
3685 _[ - ]::--------------------------------------------------------------------------------------------------------------
3686|_[ + ] [ 55 / 100 ]-[23:01:16] [ - ]
3687|_[ + ] Target:: [ http://www.samsun.gov.tr/samsun-golf-sahasina-kavustu ]
3688|_[ + ] Exploit::
3689|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3690|_[ + ] More details:: / - / , ISP:
3691|_[ + ] Found:: UNIDENTIFIED
3692
3693 _[ - ]::--------------------------------------------------------------------------------------------------------------
3694|_[ + ] [ 56 / 100 ]-[23:01:19] [ - ]
3695|_[ + ] Target:: [ http://www.samsun.gov.tr/carsamba-kaymakamligi ]
3696|_[ + ] Exploit::
3697|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3698|_[ + ] More details:: / - / , ISP:
3699|_[ + ] Found:: UNIDENTIFIED
3700
3701 _[ - ]::--------------------------------------------------------------------------------------------------------------
3702|_[ + ] [ 57 / 100 ]-[23:01:22] [ - ]
3703|_[ + ] Target:: [ http://www.samsun.gov.tr/kavak-mutfak ]
3704|_[ + ] Exploit::
3705|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3706|_[ + ] More details:: / - / , ISP:
3707|_[ + ] Found:: UNIDENTIFIED
3708
3709 _[ - ]::--------------------------------------------------------------------------------------------------------------
3710|_[ + ] [ 58 / 100 ]-[23:01:25] [ - ]
3711|_[ + ] Target:: [ http://www.samsun.gov.tr/vezirkopru-mutfak ]
3712|_[ + ] Exploit::
3713|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3714|_[ + ] More details:: / - / , ISP:
3715|_[ + ] Found:: UNIDENTIFIED
3716
3717 _[ - ]::--------------------------------------------------------------------------------------------------------------
3718|_[ + ] [ 59 / 100 ]-[23:01:28] [ - ]
3719|_[ + ] Target:: [ http://www.samsun.gov.tr/hizmet-birimleri ]
3720|_[ + ] Exploit::
3721|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3722|_[ + ] More details:: / - / , ISP:
3723|_[ + ] Found:: UNIDENTIFIED
3724
3725 _[ - ]::--------------------------------------------------------------------------------------------------------------
3726|_[ + ] [ 60 / 100 ]-[23:01:31] [ - ]
3727|_[ + ] Target:: [ http://www.samsun.gov.tr/ibrahim-avci ]
3728|_[ + ] Exploit::
3729|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3730|_[ + ] More details:: / - / , ISP:
3731|_[ + ] Found:: UNIDENTIFIED
3732
3733 _[ - ]::--------------------------------------------------------------------------------------------------------------
3734|_[ + ] [ 61 / 100 ]-[23:01:34] [ - ]
3735|_[ + ] Target:: [ http://www.samsun.gov.tr/ilkadim-kaymakamligi ]
3736|_[ + ] Exploit::
3737|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3738|_[ + ] More details:: / - / , ISP:
3739|_[ + ] Found:: UNIDENTIFIED
3740
3741 _[ - ]::--------------------------------------------------------------------------------------------------------------
3742|_[ + ] [ 62 / 100 ]-[23:01:36] [ - ]
3743|_[ + ] Target:: [ http://www.samsun.gov.tr/terme-mutfak ]
3744|_[ + ] Exploit::
3745|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3746|_[ + ] More details:: / - / , ISP:
3747|_[ + ] Found:: UNIDENTIFIED
3748
3749 _[ - ]::--------------------------------------------------------------------------------------------------------------
3750|_[ + ] [ 63 / 100 ]-[23:01:39] [ - ]
3751|_[ + ] Target:: [ http://www.samsun.gov.tr/atakum-kaymakamligi ]
3752|_[ + ] Exploit::
3753|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3754|_[ + ] More details:: / - / , ISP:
3755|_[ + ] Found:: UNIDENTIFIED
3756
3757 _[ - ]::--------------------------------------------------------------------------------------------------------------
3758|_[ + ] [ 64 / 100 ]-[23:01:42] [ - ]
3759|_[ + ] Target:: [ http://www.samsun.gov.tr/ayvacik-mutfak ]
3760|_[ + ] Exploit::
3761|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3762|_[ + ] More details:: / - / , ISP:
3763|_[ + ] Found:: UNIDENTIFIED
3764
3765 _[ - ]::--------------------------------------------------------------------------------------------------------------
3766|_[ + ] [ 65 / 100 ]-[23:01:45] [ - ]
3767|_[ + ] Target:: [ http://www.samsun.gov.tr/salipazari-mutfak ]
3768|_[ + ] Exploit::
3769|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3770|_[ + ] More details:: / - / , ISP:
3771|_[ + ] Found:: UNIDENTIFIED
3772
3773 _[ - ]::--------------------------------------------------------------------------------------------------------------
3774|_[ + ] [ 66 / 100 ]-[23:01:48] [ - ]
3775|_[ + ] Target:: [ http://www.samsun.gov.tr/canik-kaymakamligi ]
3776|_[ + ] Exploit::
3777|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3778|_[ + ] More details:: / - / , ISP:
3779|_[ + ] Found:: UNIDENTIFIED
3780
3781 _[ - ]::--------------------------------------------------------------------------------------------------------------
3782|_[ + ] [ 67 / 100 ]-[23:01:51] [ - ]
3783|_[ + ] Target:: [ http://www.samsun.gov.tr/samsun-defterdarligi ]
3784|_[ + ] Exploit::
3785|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3786|_[ + ] More details:: / - / , ISP:
3787|_[ + ] Found:: UNIDENTIFIED
3788
3789 _[ - ]::--------------------------------------------------------------------------------------------------------------
3790|_[ + ] [ 68 / 100 ]-[23:01:54] [ - ]
3791|_[ + ] Target:: [ http://www.samsun.gov.tr/havza-kaymakamligi ]
3792|_[ + ] Exploit::
3793|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3794|_[ + ] More details:: / - / , ISP:
3795|_[ + ] Found:: UNIDENTIFIED
3796
3797 _[ - ]::--------------------------------------------------------------------------------------------------------------
3798|_[ + ] [ 69 / 100 ]-[23:01:57] [ - ]
3799|_[ + ] Target:: [ http://www.samsun.gov.tr/tekkekoy-mutfak ]
3800|_[ + ] Exploit::
3801|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3802|_[ + ] More details:: / - / , ISP:
3803|_[ + ] Found:: UNIDENTIFIED
3804
3805 _[ - ]::--------------------------------------------------------------------------------------------------------------
3806|_[ + ] [ 70 / 100 ]-[23:01:59] [ - ]
3807|_[ + ] Target:: [ http://www.samsun.gov.tr/uyuma-projesi ]
3808|_[ + ] Exploit::
3809|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3810|_[ + ] More details:: / - / , ISP:
3811|_[ + ] Found:: UNIDENTIFIED
3812
3813 _[ - ]::--------------------------------------------------------------------------------------------------------------
3814|_[ + ] [ 71 / 100 ]-[23:02:03] [ - ]
3815|_[ + ] Target:: [ http://www.samsun.gov.tr/--- ]
3816|_[ + ] Exploit::
3817|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3818|_[ + ] More details:: / - / , ISP:
3819|_[ + ] Found:: UNIDENTIFIED
3820
3821 _[ - ]::--------------------------------------------------------------------------------------------------------------
3822|_[ + ] [ 72 / 100 ]-[23:02:04] [ - ]
3823|_[ + ] Target:: [ http://www.samsun.gov.tr/--1111 ]
3824|_[ + ] Exploit::
3825|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3826|_[ + ] More details:: / - / , ISP:
3827|_[ + ] Found:: UNIDENTIFIED
3828
3829 _[ - ]::--------------------------------------------------------------------------------------------------------------
3830|_[ + ] [ 73 / 100 ]-[23:02:07] [ - ]
3831|_[ + ] Target:: [ http://www.samsun.gov.tr/alacam-kaymakamligi ]
3832|_[ + ] Exploit::
3833|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3834|_[ + ] More details:: / - / , ISP:
3835|_[ + ] Found:: UNIDENTIFIED
3836
3837 _[ - ]::--------------------------------------------------------------------------------------------------------------
3838|_[ + ] [ 74 / 100 ]-[23:02:09] [ - ]
3839|_[ + ] Target:: [ http://www.samsun.gov.tr/kagitta-hamsi ]
3840|_[ + ] Exploit::
3841|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3842|_[ + ] More details:: / - / , ISP:
3843|_[ + ] Found:: UNIDENTIFIED
3844
3845 _[ - ]::--------------------------------------------------------------------------------------------------------------
3846|_[ + ] [ 75 / 100 ]-[23:02:11] [ - ]
3847|_[ + ] Target:: [ http://www.samsun.gov.tr/atakum-mutfak ]
3848|_[ + ] Exploit::
3849|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3850|_[ + ] More details:: / - / , ISP:
3851|_[ + ] Found:: UNIDENTIFIED
3852
3853 _[ - ]::--------------------------------------------------------------------------------------------------------------
3854|_[ + ] [ 76 / 100 ]-[23:02:14] [ - ]
3855|_[ + ] Target:: [ http://www.samsun.gov.tr/yikob/mevzuat ]
3856|_[ + ] Exploit::
3857|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3858|_[ + ] More details:: / - / , ISP:
3859|_[ + ] Found:: UNIDENTIFIED
3860
3861 _[ - ]::--------------------------------------------------------------------------------------------------------------
3862|_[ + ] [ 77 / 100 ]-[23:02:17] [ - ]
3863|_[ + ] Target:: [ http://www.samsun.gov.tr/ayvacik-kaymakamligi ]
3864|_[ + ] Exploit::
3865|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3866|_[ + ] More details:: / - / , ISP:
3867|_[ + ] Found:: UNIDENTIFIED
3868
3869 _[ - ]::--------------------------------------------------------------------------------------------------------------
3870|_[ + ] [ 78 / 100 ]-[23:02:20] [ - ]
3871|_[ + ] Target:: [ http://www.samsun.gov.tr/canik-mutfak ]
3872|_[ + ] Exploit::
3873|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3874|_[ + ] More details:: / - / , ISP:
3875|_[ + ] Found:: UNIDENTIFIED
3876
3877 _[ - ]::--------------------------------------------------------------------------------------------------------------
3878|_[ + ] [ 79 / 100 ]-[23:02:26] [ - ]
3879|_[ + ] Target:: [ http://www.samsun.gov.tr/protokol-listesi ]
3880|_[ + ] Exploit::
3881|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3882|_[ + ] More details:: / - / , ISP:
3883|_[ + ] Found:: UNIDENTIFIED
3884
3885 _[ - ]::--------------------------------------------------------------------------------------------------------------
3886|_[ + ] [ 80 / 100 ]-[23:02:28] [ - ]
3887|_[ + ] Target:: [ http://www.samsun.gov.tr/samsun-muftulugu ]
3888|_[ + ] Exploit::
3889|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3890|_[ + ] More details:: / - / , ISP:
3891|_[ + ] Found:: UNIDENTIFIED
3892
3893 _[ - ]::--------------------------------------------------------------------------------------------------------------
3894|_[ + ] [ 81 / 100 ]-[23:02:31] [ - ]
3895|_[ + ] Target:: [ http://www.samsun.gov.tr/sehidimizi-karsiladik ]
3896|_[ + ] Exploit::
3897|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3898|_[ + ] More details:: / - / , ISP:
3899|_[ + ] Found:: UNIDENTIFIED
3900
3901 _[ - ]::--------------------------------------------------------------------------------------------------------------
3902|_[ + ] [ 82 / 100 ]-[23:02:34] [ - ]
3903|_[ + ] Target:: [ http://www.samsun.gov.tr/asarcik-mutfak ]
3904|_[ + ] Exploit::
3905|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3906|_[ + ] More details:: / - / , ISP:
3907|_[ + ] Found:: UNIDENTIFIED
3908
3909 _[ - ]::--------------------------------------------------------------------------------------------------------------
3910|_[ + ] [ 83 / 100 ]-[23:02:37] [ - ]
3911|_[ + ] Target:: [ http://www.samsun.gov.tr/yikob/iletisim ]
3912|_[ + ] Exploit::
3913|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3914|_[ + ] More details:: / - / , ISP:
3915|_[ + ] Found:: UNIDENTIFIED
3916
3917 _[ - ]::--------------------------------------------------------------------------------------------------------------
3918|_[ + ] [ 84 / 100 ]-[23:02:40] [ - ]
3919|_[ + ] Target:: [ http://www.samsun.gov.tr/kunduz-ormanlari2 ]
3920|_[ + ] Exploit::
3921|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3922|_[ + ] More details:: / - / , ISP:
3923|_[ + ] Found:: UNIDENTIFIED
3924
3925 _[ - ]::--------------------------------------------------------------------------------------------------------------
3926|_[ + ] [ 85 / 100 ]-[23:02:43] [ - ]
3927|_[ + ] Target:: [ http://www.samsun.gov.tr/vali-menu ]
3928|_[ + ] Exploit::
3929|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3930|_[ + ] More details:: / - / , ISP:
3931|_[ + ] Found:: UNIDENTIFIED
3932
3933 _[ - ]::--------------------------------------------------------------------------------------------------------------
3934|_[ + ] [ 86 / 100 ]-[23:02:46] [ - ]
3935|_[ + ] Target:: [ http://www.samsun.gov.tr/hasan-balci ]
3936|_[ + ] Exploit::
3937|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3938|_[ + ] More details:: / - / , ISP:
3939|_[ + ] Found:: UNIDENTIFIED
3940
3941 _[ - ]::--------------------------------------------------------------------------------------------------------------
3942|_[ + ] [ 87 / 100 ]-[23:02:48] [ - ]
3943|_[ + ] Target:: [ http://www.samsun.gov.tr/terme-kaymakamligi ]
3944|_[ + ] Exploit::
3945|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3946|_[ + ] More details:: / - / , ISP:
3947|_[ + ] Found:: UNIDENTIFIED
3948
3949 _[ - ]::--------------------------------------------------------------------------------------------------------------
3950|_[ + ] [ 88 / 100 ]-[23:02:52] [ - ]
3951|_[ + ] Target:: [ http://www.samsun.gov.tr/mehmet-aktas ]
3952|_[ + ] Exploit::
3953|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3954|_[ + ] More details:: / - / , ISP:
3955|_[ + ] Found:: UNIDENTIFIED
3956
3957 _[ - ]::--------------------------------------------------------------------------------------------------------------
3958|_[ + ] [ 89 / 100 ]-[23:02:55] [ - ]
3959|_[ + ] Target:: [ http://www.samsun.gov.tr/ladik-kaymakamligi ]
3960|_[ + ] Exploit::
3961|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3962|_[ + ] More details:: / - / , ISP:
3963|_[ + ] Found:: UNIDENTIFIED
3964
3965 _[ - ]::--------------------------------------------------------------------------------------------------------------
3966|_[ + ] [ 90 / 100 ]-[23:02:58] [ - ]
3967|_[ + ] Target:: [ http://www.samsun.gov.tr/yikob/projelerimiz ]
3968|_[ + ] Exploit::
3969|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3970|_[ + ] More details:: / - / , ISP:
3971|_[ + ] Found:: UNIDENTIFIED
3972
3973 _[ - ]::--------------------------------------------------------------------------------------------------------------
3974|_[ + ] [ 91 / 100 ]-[23:03:00] [ - ]
3975|_[ + ] Target:: [ http://www.samsun.gov.tr/kavak-kaymakamligi ]
3976|_[ + ] Exploit::
3977|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3978|_[ + ] More details:: / - / , ISP:
3979|_[ + ] Found:: UNIDENTIFIED
3980
3981 _[ - ]::--------------------------------------------------------------------------------------------------------------
3982|_[ + ] [ 92 / 100 ]-[23:03:03] [ - ]
3983|_[ + ] Target:: [ http://www.samsun.gov.tr/basin-duyurusu ]
3984|_[ + ] Exploit::
3985|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3986|_[ + ] More details:: / - / , ISP:
3987|_[ + ] Found:: UNIDENTIFIED
3988
3989 _[ - ]::--------------------------------------------------------------------------------------------------------------
3990|_[ + ] [ 93 / 100 ]-[23:03:06] [ - ]
3991|_[ + ] Target:: [ http://www.samsun.gov.tr/kurumsal-kimlik ]
3992|_[ + ] Exploit::
3993|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
3994|_[ + ] More details:: / - / , ISP:
3995|_[ + ] Found:: UNIDENTIFIED
3996
3997 _[ - ]::--------------------------------------------------------------------------------------------------------------
3998|_[ + ] [ 94 / 100 ]-[23:03:09] [ - ]
3999|_[ + ] Target:: [ http://www.samsun.gov.tr/alacam-mutfak ]
4000|_[ + ] Exploit::
4001|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
4002|_[ + ] More details:: / - / , ISP:
4003|_[ + ] Found:: UNIDENTIFIED
4004
4005 _[ - ]::--------------------------------------------------------------------------------------------------------------
4006|_[ + ] [ 95 / 100 ]-[23:03:11] [ - ]
4007|_[ + ] Target:: [ http://www.samsun.gov.tr/havza-mutfak ]
4008|_[ + ] Exploit::
4009|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
4010|_[ + ] More details:: / - / , ISP:
4011|_[ + ] Found:: UNIDENTIFIED
4012
4013 _[ - ]::--------------------------------------------------------------------------------------------------------------
4014|_[ + ] [ 96 / 100 ]-[23:03:14] [ - ]
4015|_[ + ] Target:: [ http://www.samsun.gov.tr/tekkekoy-kaymakamligi ]
4016|_[ + ] Exploit::
4017|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
4018|_[ + ] More details:: / - / , ISP:
4019|_[ + ] Found:: UNIDENTIFIED
4020
4021 _[ - ]::--------------------------------------------------------------------------------------------------------------
4022|_[ + ] [ 97 / 100 ]-[23:03:17] [ - ]
4023|_[ + ] Target:: [ http://www.samsun.gov.tr/bati-park2 ]
4024|_[ + ] Exploit::
4025|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
4026|_[ + ] More details:: / - / , ISP:
4027|_[ + ] Found:: UNIDENTIFIED
4028
4029 _[ - ]::--------------------------------------------------------------------------------------------------------------
4030|_[ + ] [ 98 / 100 ]-[23:03:20] [ - ]
4031|_[ + ] Target:: [ http://www.samsun.gov.tr/kaymakamlar-menu ]
4032|_[ + ] Exploit::
4033|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
4034|_[ + ] More details:: / - / , ISP:
4035|_[ + ] Found:: UNIDENTIFIED
4036
4037 _[ - ]::--------------------------------------------------------------------------------------------------------------
4038|_[ + ] [ 99 / 100 ]-[23:03:23] [ - ]
4039|_[ + ] Target:: [ http://www.samsun.gov.tr/etik-kurulu ]
4040|_[ + ] Exploit::
4041|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET, IP:2.58.141.20:80
4042|_[ + ] More details:: / - / , ISP:
4043|_[ + ] Found:: UNIDENTIFIED
4044
4045[ INFO ] [ Shutting down ]
4046[ INFO ] [ End of process INURLBR at [17-10-2019 23:03:23]
4047[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
4048[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.samsun.gov.tr/output/inurlbr-www.samsun.gov.tr ]
4049|_________________________________________________________________________________________
4050
4051\_________________________________________________________________________________________/
4052#######################################################################################################################################
4053Hosts
4054=====
4055
4056address mac name os_name os_flavor os_sp purpose info comments
4057------- --- ---- ------- --------- ----- ------- ---- --------
40582.58.141.20 Unknown device
4059
4060Services
4061========
4062
4063host port proto name state info
4064---- ---- ----- ---- ----- ----
40652.58.141.20 53 udp domain unknown
40662.58.141.20 67 udp dhcps unknown
40672.58.141.20 68 udp dhcpc unknown
40682.58.141.20 69 udp tftp unknown
40692.58.141.20 80 tcp http open
40702.58.141.20 88 udp kerberos-sec unknown
40712.58.141.20 123 udp ntp unknown
40722.58.141.20 139 udp netbios-ssn unknown
40732.58.141.20 161 udp snmp unknown
40742.58.141.20 162 udp snmptrap unknown
40752.58.141.20 389 udp ldap unknown
40762.58.141.20 500 udp isakmp unknown
40772.58.141.20 520 udp route unknown
40782.58.141.20 2049 udp nfs unknown
4079#######################################################################################################################################
4080Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-17 21:29 EDT
4081Nmap scan report for 2.58.141.20
4082Host is up (0.17s latency).
4083Not shown: 995 filtered ports, 4 closed ports
4084Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
4085PORT STATE SERVICE
408680/tcp open http
4087
4088Nmap done: 1 IP address (1 host up) scanned in 532.59 seconds
4089#######################################################################################################################################
4090Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-17 21:38 EDT
4091Nmap scan report for 2.58.141.20
4092Host is up (0.19s latency).
4093Not shown: 2 filtered ports
4094PORT STATE SERVICE
409553/udp open|filtered domain
409667/udp open|filtered dhcps
409768/udp open|filtered dhcpc
409869/udp open|filtered tftp
409988/udp open|filtered kerberos-sec
4100123/udp open|filtered ntp
4101139/udp open|filtered netbios-ssn
4102161/udp open|filtered snmp
4103162/udp open|filtered snmptrap
4104389/udp open|filtered ldap
4105500/udp open|filtered isakmp
4106520/udp open|filtered route
41072049/udp open|filtered nfs
4108
4109Nmap done: 1 IP address (1 host up) scanned in 4.42 seconds
4110#######################################################################################################################################
4111HTTP/1.1 302 Found
4112Cache-Control: private, no-store, max-age=240
4113Content-Length: 123
4114Content-Type: text/html; charset=utf-8
4115Expires: Fri, 18 Oct 2019 01:42:16 GMT
4116Last-Modified: Fri, 18 Oct 2019 01:38:16 GMT
4117Location: /Login
4118Vary: *
4119Server: Microsoft-IIS/8.5
4120Set-Cookie: ASP.NET_SessionId=pmvywebdsyaxiiw1siwco1kz; path=/; HttpOnly
4121X-AspNetMvc-Version: 4.0
4122X-AspNet-Version: 4.0.30319
4123X-Powered-By: ASP.NET
4124Date: Fri, 18 Oct 2019 01:38:16 GMT
4125Set-Cookie: NSC_ESNS=80ff0fd7-1775-1da9-9678-ba8b1843e7c4_1944962992_4039151482_00000000006458216677; Path=/; Expires=Fri, 18-Oct-2019 01:38:31 GMT
4126#######################################################################################################################################
4127http://2.58.141.20 [302 Found] ASP_NET[4.0.30319][MVC4.0], Citrix-NetScaler, Cookies[ASP.NET_SessionId,NSC_ESNS], Country[UKRAINE][UA], HTTPServer[Microsoft-IIS/8.5], HttpOnly[ASP.NET_SessionId], IP[2.58.141.20], Microsoft-IIS[8.5], RedirectLocation[/Login], Title[Object moved], UncommonHeaders[x-aspnetmvc-version], X-Powered-By[ASP.NET]
4128http://2.58.141.20/Login [302 Found] ASP_NET[4.0.30319][MVC4.0], Citrix-NetScaler, Cookies[ASP.NET_SessionId,NSC_ESNS], Country[UKRAINE][UA], HTTPServer[Microsoft-IIS/8.5], HttpOnly[ASP.NET_SessionId], IP[2.58.141.20], Microsoft-IIS[8.5], RedirectLocation[/Uyari/HataOlustu], Title[Object moved], UncommonHeaders[x-aspnetmvc-version], X-Powered-By[ASP.NET]
4129http://2.58.141.20/Uyari/HataOlustu [200 OK] ASP_NET[4.0.30319][MVC4.0], Citrix-NetScaler, Cookies[NSC_ESNS], Country[UKRAINE][UA], HTML5, HTTPServer[Microsoft-IIS/8.5], IP[2.58.141.20], Microsoft-IIS[8.5], Script[text/javascript], Title[Hata Oluştu | ISAY2], UncommonHeaders[x-aspnetmvc-version,x-via-nscopi], X-Powered-By[ASP.NET]
4130#######################################################################################################################################
4131
4132wig - WebApp Information Gatherer
4133
4134
4135Scanning http://2.58.141.20...
4136__________________________ SITE INFO __________________________
4137IP Title
41382.58.141.20 Hata Oluştu | ISAY2
4139
4140___________________________ VERSION ___________________________
4141Name Versions Type
4142ASP.NET 4.0.30319 Platform
4143IIS 8.5 Platform
4144Microsoft Windows Server 2012 R2 OS
4145
4146_________________________ INTERESTING _________________________
4147URL Note Type
4148/robots.txt robots.txt index Interesting
4149
4150_______________________________________________________________
4151#######################################################################################################################################
4152Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-17 21:56 EDT
4153NSE: Loaded 163 scripts for scanning.
4154NSE: Script Pre-scanning.
4155Initiating NSE at 21:56
4156Completed NSE at 21:56, 0.00s elapsed
4157Initiating NSE at 21:56
4158Completed NSE at 21:56, 0.00s elapsed
4159Initiating Parallel DNS resolution of 1 host. at 21:56
4160Completed Parallel DNS resolution of 1 host. at 21:56, 0.02s elapsed
4161Initiating SYN Stealth Scan at 21:56
4162Scanning 2.58.141.20 [1 port]
4163Discovered open port 80/tcp on 2.58.141.20
4164Completed SYN Stealth Scan at 21:56, 0.26s elapsed (1 total ports)
4165Initiating Service scan at 21:56
4166Scanning 1 service on 2.58.141.20
4167Completed Service scan at 21:56, 6.50s elapsed (1 service on 1 host)
4168Initiating OS detection (try #1) against 2.58.141.20
4169Retrying OS detection (try #2) against 2.58.141.20
4170Initiating Traceroute at 21:56
4171Completed Traceroute at 21:56, 3.01s elapsed
4172Initiating Parallel DNS resolution of 8 hosts. at 21:56
4173Completed Parallel DNS resolution of 8 hosts. at 21:56, 0.68s elapsed
4174NSE: Script scanning 2.58.141.20.
4175Initiating NSE at 21:56
4176Completed NSE at 21:59, 187.11s elapsed
4177Initiating NSE at 21:59
4178Completed NSE at 22:00, 1.14s elapsed
4179Nmap scan report for 2.58.141.20
4180Host is up (0.23s latency).
4181
4182PORT STATE SERVICE VERSION
418380/tcp open http Microsoft IIS httpd 8.5
4184| http-brute:
4185|_ Path "/" does not require authentication
4186|_http-chrono: Request times for /; avg: 1113.79ms; min: 506.59ms; max: 3138.75ms
4187|_http-config-backup: ERROR: Script execution failed (use -d to debug)
4188|_http-csrf: Couldn't find any CSRF vulnerabilities.
4189|_http-date: Fri, 18 Oct 2019 01:56:57 GMT; 0s from local time.
4190|_http-devframework: ASP.NET detected. Found related header.
4191|_http-dombased-xss: Couldn't find any DOM based XSS.
4192|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
4193|_http-errors: Couldn't find any error pages.
4194|_http-feed: Couldn't find any feeds.
4195|_http-fetch: Please enter the complete path of the directory to save data in.
4196| http-grep:
4197| (1) http://2.58.141.20:80/:
4198| (1) ip:
4199|_ + 10.0.100.85
4200| http-headers:
4201| Cache-Control: public, max-age=5274
4202| Content-Length: 0
4203| X-Via-NSCOPI: 1.0
4204| Content-Type: text/html; charset=utf-8
4205| Expires: Fri, 18 Oct 2019 03:24:53 GMT
4206| Last-Modified: Fri, 18 Oct 2019 00:38:13 GMT
4207| Vary: *
4208| Server: Microsoft-IIS/8.5
4209| X-AspNetMvc-Version: 4.0
4210| X-AspNet-Version: 4.0.30319
4211| X-Powered-By: ASP.NET
4212| Date: Fri, 18 Oct 2019 01:56:58 GMT
4213| Set-Cookie: NSC_ESNS=80f06364-1bd8-1da9-9678-ba8b1843e7c4_3649249079_1521372506_00000000015047506613; Path=/; Expires=Fri, 18-Oct-2019 01:57:13 GMT
4214| Cache-Control: no-cache
4215|
4216|_ (Request type: HEAD)
4217|_http-jsonp-detection: Couldn't find any JSONP endpoints.
4218| http-methods:
4219|_ Supported Methods: GET HEAD POST OPTIONS
4220|_http-mobileversion-checker: No mobile version detected.
4221| http-php-version: Logo query returned unknown hash f54233a77cda95d151c7da22afc75a61
4222|_Credits query returned unknown hash f54233a77cda95d151c7da22afc75a61
4223| http-robots.txt: 5 disallowed entries
4224| /kullanicilar /ortak_icerik /kurumlar /Kurumlar
4225|_/Kullanicilar
4226| http-security-headers:
4227| Cache_Control:
4228| Header: Cache-Control: public, max-age=7507, no-cache
4229| Expires:
4230|_ Header: Expires: Fri, 18 Oct 2019 04:02:08 GMT
4231|_http-server-header: Microsoft-IIS/8.5
4232| http-sitemap-generator:
4233| Directory structure:
4234| /
4235| Other: 1
4236| Longest directory structure:
4237| Depth: 0
4238| Dir: /
4239| Total files found (by extension):
4240|_ Other: 1
4241|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
4242| http-title: Hata Olu\xC5\x9Ftu | ISAY2
4243|_Requested resource was /Uyari/HataOlustu
4244| http-traceroute:
4245| last-modified
4246| Hop #1: Fri, 18 Oct 2019 01:57:00 GMT
4247| Hop #2: Fri, 18 Oct 2019 01:57:00 GMT
4248|_ Hop #3: Fri, 18 Oct 2019 01:57:01 GMT
4249| http-vhosts:
4250|_127 names had status 302
4251| http-vuln-cve2010-0738:
4252|_ /jmx-console/: Authentication was not required
4253|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
4254| http-waf-fingerprint:
4255| Detected WAF
4256|_ Citrix Netscaler
4257|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
4258|_http-xssed: No previously reported XSS vuln.
4259| vulscan: VulDB - https://vuldb.com:
4260| [68193] Microsoft IIS 8.0/8.5 IP and Domain Restriction privilege escalation
4261| [48519] Microsoft Works 8.5/9.0 memory corruption
4262| [45763] Microsoft Windows Live Messenger up to 8.5.1 unknown vulnerability
4263| [141563] Microsoft Windows up to RT 8.1 Remote Desktop privilege escalation
4264| [141562] Microsoft Windows up to RT 8.1 Remote Desktop privilege escalation
4265| [134730] Microsoft Skype 8.35 on Android Bluetooth Listening information disclosure
4266| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
4267| [126799] Microsoft Dynamics 365 8 Web Request Code Execution
4268| [126798] Microsoft Dynamics 365 8 Web Request cross site scripting
4269| [126797] Microsoft Dynamics 365 8 Web Request cross site scripting
4270| [126796] Microsoft Dynamics 365 8 Web Request cross site scripting
4271| [126795] Microsoft Dynamics 365 8 Web Request cross site scripting
4272| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
4273| [121108] Microsoft Mail Client 8.1 information disclosure
4274| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
4275| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
4276| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
4277| [100989] Microsoft Internet Explorer 8/9/10/11 memory corruption
4278| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
4279| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
4280| [93988] Microsoft Desktop Client for Mac up to 8.0.36 privilege escalation
4281| [93755] Microsoft Internet Explorer 8 Ls\xC2\xADFind\xC2\xADSpan\xC2\xADVisual\xC2\xADBoundaries memory corruption
4282| [93535] Microsoft Internet Explorer 8/9/10/11 Regex vbscript.dll RegExpComp::PnodeParse memory corruption
4283| [93386] Microsoft Windows Vista SP2/7 SP1/8.1/RT 8.1/10 Video Control memory corruption
4284| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
4285| [92585] Microsoft Windows Vista SP2/7 SP1/8.1/RT 8.1/10 Video Control privilege escalation
4286| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
4287| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
4288| [91559] Microsoft Windows 8.1/10/RT 8.1 NTLM SSO information disclosure
4289| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
4290| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
4291| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
4292| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
4293| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
4294| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
4295| [87155] Microsoft Windows Vista SP2/7/8.1/RT 8.1/10 Journal memory corruption
4296| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
4297| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
4298| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
4299| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
4300| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
4301| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
4302| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
4303| [80844] Microsoft Internet Explorer 8/9/10/11 MSHTML MSHTML!Method_VARIANTBOOLp_BSTR_o0oVARIANT memory corruption
4304| [80209] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript memory corruption
4305| [79462] Microsoft Internet Explorer 8/9/10/11 memory corruption
4306| [79460] Microsoft Internet Explorer 8/9 memory corruption
4307| [79458] Microsoft Internet Explorer 8/9 memory corruption
4308| [79457] Microsoft Internet Explorer 8/9 memory corruption
4309| [79455] Microsoft Internet Explorer 8/9/10/11 XSS Filter privilege escalation
4310| [79449] Microsoft Internet Explorer 8/9/10/11 XSS Filter privilege escalation
4311| [79448] Microsoft Internet Explorer 8/9/10/11 Scripting Engine memory corruption
4312| [79447] Microsoft Internet Explorer 8/9/10/11 Scripting Engine information disclosure
4313| [79445] Microsoft Internet Explorer 8/9/10/11 memory corruption
4314| [79162] Microsoft Internet Explorer 8/9/10/11 Scripting Engine memory corruption
4315| [79155] Microsoft Internet Explorer 8/9/10/11 memory corruption
4316| [79143] Microsoft Internet Explorer 8/9/10/11 memory corruption
4317| [78390] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine information disclosure
4318| [78386] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine memory corruption
4319| [78384] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine ASLR privilege escalation
4320| [78379] Microsoft Internet Explorer 8/9/10/11 EditWith Broker privilege escalation
4321| [78377] Microsoft Internet Explorer 8 privilege escalation
4322| [78362] Microsoft Internet Explorer 8/9/10/11 VBScript/JScript Engine RegExpBase::FBadHeader memory corruption
4323| [77605] Microsoft Internet Explorer 8 VBScript/JScript Engine memory corruption
4324| [77006] Microsoft Internet Explorer 8/9/10/11 memory corruption
4325| [77004] Microsoft Internet Explorer 8/9/10/11 memory corruption
4326| [76490] Microsoft Internet Explorer 8/9/10/11 Image Caching History information disclosure
4327| [76482] Microsoft Internet Explorer 8 memory corruption
4328| [76479] Microsoft Internet Explorer 8/9/10/11 XSS Filter cross site scripting
4329| [76474] Microsoft Internet Explorer 8/9 memory corruption
4330| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
4331| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
4332| [76437] Microsoft Internet Explorer 8/9 memory corruption
4333| [75780] Microsoft Internet Explorer 8 memory corruption
4334| [75707] Cisco Unified MeetingPlace for Microsoft Outlook 8.6(1.2)/ 8.6(1.9) cross site scripting
4335| [75322] Microsoft Internet Explorer 8/9 memory corruption
4336| [75319] Microsoft Internet Explorer 8/9/10/11 memory corruption
4337| [75311] Microsoft Internet Explorer 8/9 memory corruption
4338| [75308] Microsoft Internet Explorer 8/9/10/11 VBscript and JScript Engine privilege escalation
4339| [75306] Microsoft Internet Explorer 8/9/10/11 VBScript Engine privilege escalation
4340| [74856] Microsoft Internet Explorer 8/9/10/11 memory corruption
4341| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
4342| [73946] Microsoft Internet Explorer 8/9/10/11 memory corruption
4343| [73943] Microsoft Internet Explorer 8 memory corruption
4344| [73939] Microsoft Internet Explorer 8/9/10/11 VBScript Engine memory corruption
4345| [69137] Microsoft Internet Explorer 8 ASLR privilege escalation
4346| [69136] Microsoft Internet Explorer 8/9 MSHTML SpanQualifier memory corruption
4347| [69135] Microsoft Internet Explorer 8/10 memory corruption
4348| [69131] Microsoft Internet Explorer 8/9 memory corruption
4349| [69130] Microsoft Internet Explorer 8/9/10/11 memory corruption
4350| [68400] Microsoft Internet Explorer 8 memory corruption
4351| [68393] Microsoft Internet Explorer 8/9/10/11 XSS Filter cross site scripting
4352| [68389] Microsoft Internet Explorer 8/9/10/11 XSS Filter cross site scripting
4353| [68181] Microsoft Internet Explorer 8/9/10/11 memory corruption
4354| [68176] Microsoft Internet Explorer 8/9/10/11 information disclosure
4355| [68174] Microsoft Internet Explorer 8/9 memory corruption
4356| [68169] Microsoft Internet Explorer 8/9 ASLR privilege escalation
4357| [68211] Microsoft Internet Explorer 8/9/10/11 denial of service
4358| [67821] Microsoft Internet Explorer 8/9/10/11 CAttrArray memory corruption
4359| [67813] Microsoft Internet Explorer 8 memory corruption
4360| [67500] Microsoft Internet Explorer 8/9/10/11 memory corruption
4361| [67494] Microsoft Internet Explorer 8/9/10/11 memory corruption
4362| [67345] Microsoft Internet Explorer 8/9/10/11 memory corruption
4363| [67340] Microsoft Internet Explorer 8 memory corruption
4364| [67337] Microsoft Internet Explorer 8/9 memory corruption
4365| [67007] Microsoft Internet Explorer 8/9/10/11 memory corruption
4366| [67006] Microsoft Internet Explorer 8/9/10 memory corruption
4367| [67002] Microsoft Internet Explorer 8/9/10/11 memory corruption
4368| [67000] Microsoft Internet Explorer 8/9/10/11 memory corruption
4369| [66995] Microsoft Internet Explorer 8/9/10/11 memory corruption
4370| [13542] Microsoft Internet Explorer 8/9/10/11 privilege escalation
4371| [13536] Microsoft Internet Explorer 8 memory corruption
4372| [13518] Microsoft Internet Explorer 8 memory corruption
4373| [13515] Microsoft Internet Explorer 8/9/10/11 memory corruption
4374| [13509] Microsoft Internet Explorer 8 memory corruption
4375| [13499] Microsoft Internet Explorer 8 memory corruption
4376| [13496] Microsoft Internet Explorer 8/9/10/11 privilege escalation
4377| [13027] Microsoft Internet Explorer 8/9 information disclosure
4378| [66605] Microsoft Internet Explorer 8/9/10/11 memory corruption
4379| [12543] Microsoft Internet Explorer 8/9/10/11 memory corruption
4380| [12541] Microsoft Internet Explorer 8/9/10 memory corruption
4381| [12540] Microsoft Internet Explorer 8/9/10/11 memory corruption
4382| [12538] Microsoft Internet Explorer 8/9 memory corruption
4383| [12531] Microsoft Internet Explorer 8/9/10/11 memory corruption
4384| [66445] Microsoft Windows 8.0/8.1 XMLDOM ActiveX Control information disclosure
4385| [12252] Microsoft Internet Explorer 8 memory corruption
4386| [12245] Microsoft Internet Explorer 8/9/10/11 memory corruption
4387| [12239] Microsoft Internet Explorer 8/9/10/11 privilege escalation
4388| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
4389| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
4390| [11141] Microsoft Internet Explorer 8/9/10/11 CCaret Object Use-After-Free memory corruption
4391| [11138] Microsoft Internet Explorer 8/9/10/11 CTreePos Object memory corruption
4392| [10623] Microsoft Internet Explorer 8/9 memory corruption
4393| [10215] Microsoft Internet Explorer 8/9 memory corruption
4394| [10214] Microsoft Internet Explorer 8/9/10 memory corruption
4395| [9935] Microsoft Internet Explorer 8/9 memory corruption
4396| [9934] Microsoft Internet Explorer 8/9/10 memory corruption
4397| [9933] Microsoft Internet Explorer 8/9 memory corruption
4398| [9932] Microsoft Internet Explorer 8/9 memory corruption
4399| [10246] Microsoft Internet Explorer 8 Table Tree Use-After-Free memory corruption
4400| [9419] Microsoft Internet Explorer up to 8 memory corruption
4401| [9418] Microsoft Internet Explorer 8/9/10 Use-After-Free memory corruption
4402| [9413] Microsoft Internet Explorer 8/9/10 Use-After-Free memory corruption
4403| [9406] Microsoft Internet Explorer 8/9/10 memory corruption
4404| [9099] Microsoft Internet Explorer 8/9 Use-After-Free memory corruption
4405| [9098] Microsoft Internet Explorer 8 memory corruption
4406| [9095] Microsoft Internet Explorer 8/9/10 Use-After-Free memory corruption
4407| [9084] Microsoft Internet Explorer 8/9/10 _UpdateButtonLocation memory corruption
4408| [9083] Microsoft Internet Explorer 8/9 memory corruption
4409| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
4410| [8718] Microsoft Internet Explorer 8 memory corruption
4411| [8714] Microsoft Internet Explorer 8/9 memory corruption
4412| [8712] Microsoft Internet Explorer 8/9 memory corruption
4413| [8601] Microsoft Internet Explorer 8 'vtable' memory corruption
4414| [8423] Microsoft Internet Explorer up to 8.00.6001.18702 CSS iexplorer.exe denial of service
4415| [7962] Microsoft Internet Explorer up to 8 CTreeNode memory corruption
4416| [7958] Microsoft Internet Explorer up to 8 Celement memory corruption
4417| [7996] Microsoft Windows 8 TrueType Font denial of service
4418| [63558] Microsoft Internet Explorer 8 Use-After-Free memory corruption
4419| [63557] Microsoft Internet Explorer 8/9 Use-After-Free memory corruption
4420| [7511] Microsoft Internet Explorer 8/9 TCP Session information disclosure
4421| [7510] Microsoft Internet Explorer 8/9 HTTP/HTTPS Request spoofing
4422| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
4423| [7199] Microsoft Internet Explorer 8/9 mshtml.dll Unclosed Tags Sequence denial of service
4424| [6513] Microsoft Internet Explorer 8/9 OnMove Engine Use-After-Free memory corruption
4425| [5937] Microsoft Internet Explorer 8/9 JavaScript Parser memory corruption
4426| [5538] Microsoft Internet Explorer 8 Same ID Property Deleted Object memory corruption
4427| [5532] Microsoft Internet Explorer 8/9 HTML Sanitization toStaticHTML String information disclosure
4428| [5530] Microsoft Internet Explorer 8/9 OnRowsInserted Elements memory corruption
4429| [5516] Microsoft Internet Explorer 8/9 memory corruption
4430| [4467] Microsoft Internet Explorer 8 cross site scripting
4431| [4454] Microsoft Internet Explorer 8/9 unknown vulnerability
4432| [59618] Microsoft Internet Explorer 8 unknown vulnerability
4433| [57681] Microsoft Internet Explorer 8/9 memory corruption
4434| [57675] Microsoft Internet Explorer 8 memory corruption
4435| [4372] Microsoft Internet Explorer 8/9 information disclosure
4436| [57130] Microsoft Internet Explorer 8 on Win7 msxml.dll unknown vulnerability
4437| [4340] Microsoft Internet Explorer up to 8 unknown vulnerability
4438| [56786] Microsoft Internet Explorer 8 on Win7 unknown vulnerability
4439| [56785] Microsoft Internet Explorer 8 on Win7 memory corruption
4440| [56412] Microsoft Internet Explorer 8 IEShims.dll unknown vulnerability
4441| [55755] Microsoft Internet Explorer 8 memory corruption
4442| [54961] Microsoft Internet Explorer 8 mshtml.dll InsertIntoTimeoutList information disclosure
4443| [4172] Microsoft Internet Explorer up to 8 CSS cross site scripting
4444| [54339] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
4445| [53805] Microsoft Internet Explorer 8 unknown vulnerability
4446| [53514] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
4447| [53513] Microsoft Internet Explorer 8 memory corruption
4448| [4137] Microsoft Internet Explorer up to 8.0 memory corruption
4449| [4121] Microsoft Internet Explorer 8 XSS Filter cross site scripting
4450| [52505] Microsoft Internet Explorer 8 mstime.dll memory corruption
4451| [52373] Microsoft Internet Explorer 8 on Win7 Use-After-Free memory corruption
4452| [52372] Microsoft Internet Explorer 8 on Win7 Heap-based memory corruption
4453| [51652] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
4454| [51651] Microsoft Internet Explorer 8 Uninitialized Memory memory corruption
4455| [50914] Microsoft Internet Explorer 8 cross site scripting
4456| [50910] Microsoft Internet Explorer 8 unknown vulnerability
4457| [4048] Microsoft Internet Explorer up to 8 CSS Declaration memory corruption
4458| [4047] Microsoft Internet Explorer up to 8 DOM Object memory corruption
4459| [4046] Microsoft Internet Explorer up to 8 HTML memory corruption
4460| [3987] Microsoft Internet Explorer up to 8 Row Reference memory corruption
4461| [3982] Microsoft Internet Explorer up to 8 DHTML Call memory corruption
4462| [47244] Microsoft Internet Explorer 8 on Win 7 memory corruption
4463| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
4464| [45451] Microsoft Internet Explorer 8 XSS Filter cross site scripting
4465| [45450] Microsoft Internet Explorer 8 XSS Filter Protection cross site scripting
4466| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
4467| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
4468| [45447] Microsoft Internet Explorer 8 XSS Filter cross site scripting
4469| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
4470| [39012] Microsoft Windows Live Messenger up to 8.1 doc memory corruption
4471| [34991] Microsoft Visual Studio 8.0 msvcr80.dll denial of service
4472| [33589] Microsoft Windows Live Messenger up to 8.0 denial of service
4473|
4474| MITRE CVE - https://cve.mitre.org:
4475| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
4476| [CVE-2011-1215] Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
4477| [CVE-2010-3496] McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.
4478| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
4479| [CVE-2009-3032] Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.
4480| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
4481| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
4482| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
4483| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
4484| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
4485| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
4486| [CVE-2008-5828] Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
4487| [CVE-2007-0045] Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
4488| [CVE-2004-1312] A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.
4489| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
4490| [CVE-2001-1088] Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
4491| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
4492| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
4493| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
4494| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
4495| [CVE-2013-3164] Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
4496| [CVE-2013-3163] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.
4497| [CVE-2013-3151] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3163.
4498| [CVE-2013-3149] Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
4499| [CVE-2013-3144] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3151 and CVE-2013-3163.
4500| [CVE-2013-3141] Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3110.
4501| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
4502| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
4503| [CVE-2013-3123] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111.
4504| [CVE-2013-3111] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123.
4505| [CVE-2013-3110] Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3141.
4506| [CVE-2013-2558] Unspecified vulnerability in Microsoft Windows 8 allows remote attackers to cause a denial of service (reboot) or possibly have unknown other impact via a crafted TrueType Font (TTF) file, as demonstrated by the 120612-69701-01.dmp error report.
4507| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
4508| [CVE-2013-1451] Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
4509| [CVE-2013-1450] Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.
4510| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
4511| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
4512| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
4513| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
4514| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
4515| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
4516| [CVE-2013-1311] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
4517| [CVE-2013-1307] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-0811.
4518| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
4519| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
4520| [CVE-2013-1297] Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."
4521| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
4522| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
4523| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
4524| [CVE-2013-1288] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."
4525| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
4526| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
4527| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
4528| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
4529| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
4530| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
4531| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
4532| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
4533| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4534| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4535| [CVE-2013-0811] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1307.
4536| [CVE-2013-0091] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."
4537| [CVE-2013-0078] The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability."
4538| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
4539| [CVE-2013-0025] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
4540| [CVE-2013-0024] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."
4541| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
4542| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
4543| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
4544| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
4545| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
4546| [CVE-2012-2557] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."
4547| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
4548| [CVE-2012-2523] Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."
4549| [CVE-2012-1881] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."
4550| [CVE-2012-1875] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
4551| [CVE-2012-1874] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
4552| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
4553| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
4554| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
4555| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
4556| [CVE-2012-1529] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability."
4557| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
4558| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
4559| [CVE-2012-1523] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."
4560| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
4561| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
4562| [CVE-2012-0172] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."
4563| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
4564| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
4565| [CVE-2011-2382] Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.
4566| [CVE-2011-1999] Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."
4567| [CVE-2011-1996] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
4568| [CVE-2011-1992] The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."
4569| [CVE-2011-1713] Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202.
4570| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
4571| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
4572| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
4573| [CVE-2011-1266] The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."
4574| [CVE-2011-1260] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
4575| [CVE-2011-1258] Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."
4576| [CVE-2011-1257] Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."
4577| [CVE-2011-1256] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."
4578| [CVE-2011-1255] The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."
4579| [CVE-2011-1254] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."
4580| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
4581| [CVE-2011-1251] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."
4582| [CVE-2011-1246] Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability."
4583| [CVE-2011-1244] Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."
4584| [CVE-2011-0346] Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
4585| [CVE-2011-0038] Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
4586| [CVE-2011-0036] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, relagted to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.
4587| [CVE-2011-0035] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.
4588| [CVE-2010-5071] The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
4589| [CVE-2010-3971] Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
4590| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
4591| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
4592| [CVE-2010-3886] The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.
4593| [CVE-2010-3348] Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342.
4594| [CVE-2010-3346] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
4595| [CVE-2010-3345] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
4596| [CVE-2010-3342] Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348.
4597| [CVE-2010-3331] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
4598| [CVE-2010-3330] Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."
4599| [CVE-2010-3329] mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
4600| [CVE-2010-3328] Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."
4601| [CVE-2010-3327] The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."
4602| [CVE-2010-3325] Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
4603| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
4604| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
4605| [CVE-2010-2560] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."
4606| [CVE-2010-2559] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.
4607| [CVE-2010-2558] Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability."
4608| [CVE-2010-2556] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
4609| [CVE-2010-2442] Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."
4610| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
4611| [CVE-2010-2118] Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
4612| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
4613| [CVE-2010-1991] Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
4614| [CVE-2010-1489] The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
4615| [CVE-2010-1262] Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."
4616| [CVE-2010-1261] The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
4617| [CVE-2010-1260] The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
4618| [CVE-2010-1259] Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
4619| [CVE-2010-1258] Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."
4620| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
4621| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
4622| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
4623| [CVE-2010-0555] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.
4624| [CVE-2010-0494] Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."
4625| [CVE-2010-0492] Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
4626| [CVE-2010-0490] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
4627| [CVE-2010-0255] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.
4628| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
4629| [CVE-2010-0248] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
4630| [CVE-2010-0246] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.
4631| [CVE-2010-0245] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
4632| [CVE-2010-0244] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
4633| [CVE-2010-0112] Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file
4634| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
4635| [CVE-2009-4074] The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
4636| [CVE-2009-4073] The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
4637| [CVE-2009-3674] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.
4638| [CVE-2009-3673] Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
4639| [CVE-2009-3671] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.
4640| [CVE-2009-3003] Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
4641| [CVE-2009-2764] Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location.
4642| [CVE-2009-2655] mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.
4643| [CVE-2009-2536] Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
4644| [CVE-2009-2531] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530.
4645| [CVE-2009-2530] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531.
4646| [CVE-2009-2529] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."
4647| [CVE-2009-2069] Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
4648| [CVE-2009-2064] Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
4649| [CVE-2009-2057] Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
4650| [CVE-2009-1532] Microsoft Internet Explorer 8 for Windows XP SP2 and SP3
4651| [CVE-2009-1335] Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr.
4652| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
4653| [CVE-2009-1016] Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow involving an unspecified Server Plug-in and a crafted SSL certificate.
4654| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
4655| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
4656| [CVE-2009-0084] Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
4657| [CVE-2009-0072] Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element.
4658| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
4659| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
4660| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
4661| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
4662| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
4663| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
4664| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
4665| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
4666| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
4667| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
4668| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
4669| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
4670| [CVE-2008-4254] Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
4671| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
4672| [CVE-2008-4252] The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
4673| [CVE-2008-4127] Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function.
4674| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
4675| [CVE-2008-3815] Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.
4676| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
4677| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
4678| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
4679| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
4680| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
4681| [CVE-2008-2948] Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.
4682| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
4683| [CVE-2008-1544] The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.
4684| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
4685| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
4686| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
4687| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
4688| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
4689| [CVE-2007-5277] Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.
4690| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
4691| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
4692| [CVE-2007-2931] Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
4693| [CVE-2007-0842] The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition.
4694| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
4695| [CVE-2007-0047] CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
4696| [CVE-2006-6252] Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.
4697| [CVE-2006-3654] Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files.
4698| [CVE-2006-3653] wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files.
4699| [CVE-2005-3568] db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING."
4700| [CVE-2005-3182] Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well.
4701| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
4702| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
4703| [CVE-2003-0604] Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
4704| [CVE-2002-2435] The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
4705| [CVE-2002-2380] NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
4706| [CVE-2002-0797] Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
4707| [CVE-2001-0238] Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
4708|
4709| SecurityFocus - https://www.securityfocus.com/bid/:
4710| [582] Microsoft IIS And PWS 8.3 Directory Name Vulnerability
4711| [58847] Microsoft Windows Defender for Windows 8 and Windows RT Local Privilege Escalation Vulnerability
4712| [42467] Microsoft Internet Explorer 8 'toStaticHTML()' HTML Sanitization Bypass Weakness
4713| [40490] Microsoft Internet Explorer 8 Developer Tools Remote Code Execution Vulnerability
4714| [37135] Microsoft Internet Explorer 8 Cross-Site Scripting Filter Cross-Site Scripting Vulnerability
4715| [35941] Microsoft Internet Explorer 8 Denial of Service Vulnerability
4716|
4717| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4718| [40937] Microsoft Windows Knowledge Base Article 815495 update not installed
4719| [37226] Microsoft Windows Knowledge Base Article 815495 update not installed
4720| [19102] Microsoft Knowledge Base Article 885834 is not installed
4721| [19090] Microsoft Knowledge Base Article 885250 is not installed
4722| [18392] Microsoft Windows Knowledge Base Article 885249 update is not installed
4723| [18391] Microsoft Windows Knowledge Base Article 885835 update is not installed
4724| [18390] Microsoft Windows Knowledge Base Article 885836 update is not installed
4725| [82776] Microsoft Internet Explorer 10 on Windows 8 sandbox security bypass
4726| [66402] Microsoft Windows kernel-mode driver (win32k.sys) variant 8 privilege escalation
4727| [57338] Microsoft Internet Explorer 8 Developer Tools code execution
4728| [24509] Microsoft Windows Knowledge Base Article 889167 update is not installed
4729| [22882] Microsoft Windows Knowledge Base Article 896424 update is not installed
4730| [22156] Microsoft Windows Knowledge Base Article 899589 update is not installed
4731| [22155] Microsoft Knowledge Base Article 896688 is not installed
4732| [22072] Microsoft Knowledge Base Article 899587 is not installed
4733| [22071] Microsoft Knowledge Base Article 896428 is not installed
4734| [22069] Microsoft Knowledge Base Article 890859 is not installed
4735| [22068] Microsoft Knowledge Base Article 890046 is not installed
4736| [21704] Microsoft Windows Knowledge Base Article 896727 update is not installed
4737| [21605] Microsoft Windows Knowledge Base Article 896423 update is not installed
4738| [21603] Microsoft Windows Knowledge Base Article 899588 update is not installed
4739| [21601] Microsoft Windows Knowledge Base Article 899591 update is not installed
4740| [21600] Microsoft Windows Knowledge Base Article 893756 update is not installed
4741| [20826] Microsoft Windows Knowledge Base Article 896422 update is not installed
4742| [20825] Microsoft Windows Knowledge Base Article 896358 update is not installed
4743| [20823] Microsoft Windows Knowledge Base Article 890169 update is not installed
4744| [20822] Microsoft Windows Knowledge Base Article 883939 update is not installed
4745| [20820] Microsoft Windows Knowledge Base Article 896426 update is not installed
4746| [20382] Microsoft Windows Knowledge Base Article 894320 update is not installed
4747| [20318] Microsoft Windows Knowledge Base Article 893086 update is not installed
4748| [20317] Microsoft Windows Knowledge Base Article 890923 update is not installed
4749| [20000] Microsoft Windows Knowledge Base Article 892944 update is not installed
4750| [19875] Microsoft Knowledge Base Article 893066 is not installed
4751| [19843] Microsoft Windows Knowledge Base Article 894549 update is not installed
4752| [19252] Microsoft Knowledge Base Article 890261 is not installed
4753| [19141] Microsoft Knowledge Base Article 867282 is not installed
4754| [19118] Microsoft Knowledge Base Article 890047 is not installed
4755| [19116] Microsoft Knowledge Base Article 891781 is not installed
4756| [19112] Microsoft Knowledge Base Article 873352 is not installed
4757| [19111] Microsoft Knowledge Base Article 888113 is not installed
4758| [19106] Microsoft Knowledge Base Article 873333 is not installed
4759| [19095] Microsoft Knowledge Base Article 888302 is not installed
4760| [19092] Microsoft Knowledge Base Article 887981 is not installed
4761| [18944] Microsoft Knowledge Base Article 886185 is not installed
4762| [18770] Microsoft Knowledge Base Article 890175 is not installed
4763| [18769] Microsoft Knowledge Base Article 887219 is not installed
4764| [18768] Microsoft Windows Knowledge Base Article 891711 update is not installed
4765| [18766] Microsoft Windows Knowledge Base Article 871250 update is not installed
4766| [18394] Microsoft Windows Knowledge Base Article 870763 update is not installed
4767| [18393] Microsoft Windows Knowledge Base Article 873339 update is not installed
4768| [18314] Microsoft Windows Knowledge Base Article 889293 update is not installed
4769|
4770| Exploit-DB - https://www.exploit-db.com:
4771| [17159] Microsoft Host Integration Server <= 8.5.4224.0 DoS Vulnerabilities
4772| [31118] Microsoft Works 8.0 File Converter Field Length Remote Code Execution Vulnerability
4773| [30537] Microsoft MSN Messenger <= 8.0 - Video Conversation Buffer Overflow Vulnerability
4774| [28222] microsoft works 8.0 spreadsheet Multiple Vulnerabilities
4775| [12728] Microsoft Outlook Web Access (OWA) 8.2.254.0 - Information Disclosure vulnerability
4776|
4777| OpenVAS (Nessus) - http://www.openvas.org:
4778| [902914] Microsoft IIS GET Request Denial of Service Vulnerability
4779| [902796] Microsoft IIS IP Address/Internal Network Name Disclosure Vulnerability
4780| [902694] Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
4781| [901120] Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
4782| [900944] Microsoft IIS FTP Server 'ls' Command DOS Vulnerability
4783| [900874] Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
4784| [900711] Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability
4785| [900567] Microsoft IIS Security Bypass Vulnerability (970483)
4786| [802806] Microsoft IIS Default Welcome Page Information Disclosure Vulnerability
4787| [801669] Microsoft Windows IIS FTP Server DOS Vulnerability
4788| [801520] Microsoft IIS ASP Stack Based Buffer Overflow Vulnerability
4789| [100952] Microsoft IIS FTPd NLST stack overflow
4790| [11443] Microsoft IIS UNC Mapped Virtual Host Vulnerability
4791| [10680] Test Microsoft IIS Source Fragment Disclosure
4792| [903041] Microsoft Windows Kernel Privilege Elevation Vulnerability (2724197)
4793| [903037] Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability (2706045)
4794| [903036] Microsoft Windows Networking Components Remote Code Execution Vulnerabilities (2733594)
4795| [903035] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2731847)
4796| [903033] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2718523)
4797| [903026] Microsoft Office Remote Code Execution Vulnerabilities (2663830)
4798| [903017] Microsoft Office Remote Code Execution Vulnerability (2639185)
4799| [903000] Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
4800| [902936] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2783534)
4801| [902934] Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
4802| [902933] Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
4803| [902932] Microsoft Internet Explorer Multiple Use-After-Free Vulnerabilities (2761451)
4804| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
4805| [902930] Microsoft Office Remote Code Execution Vulnerabilities (2720184)
4806| [902923] Microsoft Internet Explorer Multiple Vulnerabilities (2722913)
4807| [902922] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2723135)
4808| [902921] Microsoft Office Visio/Viewer Remote Code Execution Vulnerability (2733918)
4809| [902920] Microsoft Office Remote Code Execution Vulnerability (2731879)
4810| [902919] Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841)
4811| [902916] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
4812| [902913] Microsoft Office Remote Code Execution Vulnerabilities-2663830 (Mac OS X)
4813| [902912] Microsoft Office Word Remote Code Execution Vulnerability-2680352 (Mac OS X)
4814| [902911] Microsoft Office Word Remote Code Execution Vulnerability (2680352)
4815| [902910] Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981)
4816| [902909] Microsoft Windows Service Pack Missing Multiple Vulnerabilities
4817| [902908] Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)
4818| [902906] Microsoft Windows DNS Server Denial of Service Vulnerability (2647170)
4819| [902900] Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
4820| [902846] Microsoft Windows TLS Protocol Information Disclosure Vulnerability (2655992)
4821| [902845] Microsoft Windows Shell Remote Code Execution Vulnerability (2691442)
4822| [902842] Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
4823| [902841] Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
4824| [902839] Microsoft FrontPage Server Extensions MS-DOS Device Name DoS Vulnerability
4825| [902833] Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
4826| [902832] MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)
4827| [902829] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258)
4828| [902828] Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
4829| [902818] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
4830| [902817] Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
4831| [902811] Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
4832| [902807] Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (2636391)
4833| [902798] Microsoft SMB Signing Enabled and Not Required At Server
4834| [902797] Microsoft SMB Signing Information Disclosure Vulnerability
4835| [902785] Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
4836| [902784] Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
4837| [902783] Microsoft Windows Kernel Security Feature Bypass Vulnerability (2644615)
4838| [902782] MicroSoft Windows Server Service Remote Code Execution Vulnerability (921883)
4839| [902766] Microsoft Windows Kernel Privilege Elevation Vulnerability (2633171)
4840| [902746] Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
4841| [902727] Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)
4842| [902708] Microsoft Remote Desktop Protocol Denial of Service Vulnerability (2570222)
4843| [902696] Microsoft Internet Explorer Multiple Vulnerabilities (2761465)
4844| [902693] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2761226)
4845| [902692] Microsoft Office Excel ReadAV Arbitrary Code Execution Vulnerability
4846| [902689] Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)
4847| [902688] Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
4848| [902687] Microsoft Windows Data Access Components Remote Code Execution Vulnerability (2698365)
4849| [902686] Microsoft Internet Explorer Multiple Vulnerabilities (2719177)
4850| [902683] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2685939)
4851| [902682] Microsoft Internet Explorer Multiple Vulnerabilities (2699988)
4852| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
4853| [902677] Microsoft Windows Prtition Manager Privilege Elevation Vulnerability (2690533)
4854| [902676] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (2688338)
4855| [902670] Microsoft Internet Explorer Multiple Vulnerabilities (2675157)
4856| [902663] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
4857| [902662] MicroSoft SMB Server Trans2 Request Remote Code Execution Vulnerability
4858| [902660] Microsoft SMB Transaction Parsing Remote Code Execution Vulnerability
4859| [902658] Microsoft RDP Server Private Key Information Disclosure Vulnerability
4860| [902649] Microsoft Internet Explorer Multiple Vulnerabilities (2647516)
4861| [902642] Microsoft Internet Explorer Multiple Vulnerabilities (2618444)
4862| [902626] Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)
4863| [902625] Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
4864| [902613] Microsoft Internet Explorer Multiple Vulnerabilities (2559049)
4865| [902609] Microsoft Windows CSRSS Privilege Escalation Vulnerabilities (2507938)
4866| [902598] Microsoft Windows Time Component Remote Code Execution Vulnerability (2618451)
4867| [902597] Microsoft Windows Media Remote Code Execution Vulnerability (2648048)
4868| [902596] Microsoft Windows OLE Remote Code Execution Vulnerability (2624667)
4869| [902588] Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerability
4870| [902581] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
4871| [902580] Microsoft Host Integration Server Denial of Service Vulnerabilities (2607670)
4872| [902567] Microsoft Office Remote Code Execution Vulnerabilites (2587634)
4873| [902566] Microsoft Windows WINS Local Privilege Escalation Vulnerability (2571621)
4874| [902552] Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
4875| [902551] Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
4876| [902523] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
4877| [902522] Microsoft .NET Framework Remote Code Execution Vulnerability (2538814)
4878| [902518] Microsoft .NET Framework Security Bypass Vulnerability
4879| [902516] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
4880| [902502] Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
4881| [902501] Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (2514666)
4882| [902496] Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
4883| [902495] Microsoft Office Remote Code Execution Vulnerability (2590602)
4884| [902494] Microsoft Office Excel Remote Code Execution Vulnerability (2640241)
4885| [902493] Microsoft Publisher Remote Code Execution Vulnerabilities (2607702)
4886| [902492] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2639142)
4887| [902487] Microsoft Windows Active Directory LDAPS Authentication Bypass Vulnerability (2630837)
4888| [902484] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (2588516)
4889| [902464] Microsoft Visio Remote Code Execution Vulnerabilities (2560978)
4890| [902463] Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2567680)
4891| [902455] Microsoft Visio Remote Code Execution Vulnerability (2560847)
4892| [902445] Microsoft XML Editor Information Disclosure Vulnerability (2543893)
4893| [902443] Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
4894| [902440] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2536275)
4895| [902430] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2545814)
4896| [902425] Microsoft Windows SMB Accessible Shares
4897| [902423] Microsoft Office Visio Viewer Remote Code Execution Vulnerabilities (2663510)
4898| [902411] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2489283)
4899| [902410] Microsoft Office Excel Remote Code Execution Vulnerabilities (2489279)
4900| [902403] Microsoft Windows Fraudulent Digital Certificates Spoofing Vulnerability
4901| [902395] Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
4902| [902378] Microsoft Office Excel Remote Code Execution Vulnerabilities (2537146)
4903| [902377] Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)
4904| [902365] Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
4905| [902364] Microsoft Office Remote Code Execution Vulnerabilites (2489293)
4906| [902351] Microsoft Groove Remote Code Execution Vulnerability (2494047)
4907| [902337] Microsoft Windows Kernel Elevation of Privilege Vulnerability (2393802)
4908| [902336] Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)
4909| [902325] Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability
4910| [902324] Microsoft SharePoint Could Allow Remote Code Execution Vulnerability (2455005)
4911| [902319] Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
4912| [902290] Microsoft Windows Active Directory SPN Denial of Service (2478953)
4913| [902289] Microsoft Windows LSASS Privilege Escalation Vulnerability (2478960)
4914| [902288] Microsoft Kerberos Privilege Escalation Vulnerabilities (2496930)
4915| [902287] Microsoft Visio Remote Code Execution Vulnerabilities (2451879)
4916| [902285] Microsoft Internet Explorer Information Disclosure Vulnerability (2501696)
4917| [902281] Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)
4918| [902280] Microsoft Windows BranchCache Remote Code Execution Vulnerability (2385678)
4919| [902277] Microsoft Windows Netlogon Service Denial of Service Vulnerability (2207559)
4920| [902276] Microsoft Windows Task Scheduler Elevation of Privilege Vulnerability (2305420)
4921| [902274] Microsoft Publisher Remote Code Execution Vulnerability (2292970)
4922| [902269] Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
4923| [902265] Microsoft Office Word Remote Code Execution Vulnerabilities (2293194)
4924| [902264] Microsoft Office Excel Remote Code Execution Vulnerabilities (2293211)
4925| [902263] Microsoft Windows Media Player Network Sharing Remote Code Execution Vulnerability (2281679)
4926| [902262] Microsoft Windows Shell and WordPad COM Validation Vulnerability (2405882)
4927| [902256] Microsoft Windows win32k.sys Driver 'CreateDIBPalette()' BOF Vulnerability
4928| [902255] Microsoft Visual Studio Insecure Library Loading Vulnerability
4929| [902254] Microsoft Office Products Insecure Library Loading Vulnerability
4930| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
4931| [902246] Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability
4932| [902243] Microsoft Outlook TNEF Remote Code Execution Vulnerability (2315011)
4933| [902232] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (978886)
4934| [902231] Microsoft Windows Tracing Feature Privilege Elevation Vulnerabilities (982799)
4935| [902230] Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
4936| [902229] Microsoft Window MPEG Layer-3 Remote Code Execution Vulnerability (2115168)
4937| [902228] Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)
4938| [902227] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
4939| [902226] Microsoft Windows Shell Remote Code Execution Vulnerability (2286198)
4940| [902217] Microsoft Outlook SMB Attachment Remote Code Execution Vulnerability (978212)
4941| [902210] Microsoft IE cross-domain IFRAME gadgets keystrokes steal Vulnerability
4942| [902193] Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
4943| [902192] Microsoft Office COM Validation Remote Code Execution Vulnerability (983235)
4944| [902191] Microsoft Internet Explorer Multiple Vulnerabilities (982381)
4945| [902183] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability
4946| [902178] Microsoft Visual Basic Remote Code Execution Vulnerability (978213)
4947| [902176] Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
4948| [902166] Microsoft Internet Explorer 'neutering' Mechanism XSS Vulnerability
4949| [902159] Microsoft VBScript Scripting Engine Remote Code Execution Vulnerability (980232)
4950| [902158] Microsoft Office Publisher Remote Code Execution Vulnerability (981160)
4951| [902157] Microsoft 'ISATAP' Component Spoofing Vulnerability (978338)
4952| [902156] Microsoft SMB Client Remote Code Execution Vulnerabilities (980232)
4953| [902155] Microsoft Internet Explorer Multiple Vulnerabilities (980182)
4954| [902151] Microsoft Internet Explorer Denial of Service Vulnerability - Mar10
4955| [902133] Microsoft Office Excel Multiple Vulnerabilities (980150)
4956| [902117] Microsoft DirectShow Remote Code Execution Vulnerability (977935)
4957| [902116] Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)
4958| [902115] Microsoft Kerberos Denial of Service Vulnerability (977290)
4959| [902114] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416)
4960| [902112] Microsoft SMB Client Remote Code Execution Vulnerabilities (978251)
4961| [902095] Microsoft Office Excel Remote Code Execution Vulnerability (2269707)
4962| [902094] Microsoft Windows Kernel Mode Drivers Privilege Elevation Vulnerabilities (2160329)
4963| [902093] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (981852)
4964| [902080] Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
4965| [902069] Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
4966| [902068] Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
4967| [902067] Microsoft Windows Kernel Mode Drivers Privilege Escalation Vulnerabilities (979559)
4968| [902039] Microsoft Visio Remote Code Execution Vulnerabilities (980094)
4969| [902038] Microsoft MPEG Layer-3 Codecs Remote Code Execution Vulnerability (977816)
4970| [902033] Microsoft Windows '.ani' file Denial of Service vulnerability
4971| [902015] Microsoft Paint Remote Code Execution Vulnerability (978706)
4972| [901305] Microsoft Windows IP-HTTPS Component Security Feature Bypass Vulnerability (2765809)
4973| [901304] Microsoft Windows File Handling Component Remote Code Execution Vulnerability (2758857)
4974| [901301] Microsoft Windows Kerberos Denial of Service Vulnerability (2743555)
4975| [901212] Microsoft Windows DirectPlay Remote Code Execution Vulnerability (2770660)
4976| [901211] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)
4977| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
4978| [901209] Microsoft Windows Media Center Remote Code Execution Vulnerabilities (2604926)
4979| [901208] Microsoft Internet Explorer Multiple Vulnerabilities (2586448)
4980| [901205] Microsoft Windows Components Remote Code Execution Vulnerabilities (2570947)
4981| [901193] Microsoft Windows Media Remote Code Execution Vulnerabilities (2510030)
4982| [901183] Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
4983| [901180] Microsoft Internet Explorer Multiple Vulnerabilities (2482017)
4984| [901169] Microsoft Windows Address Book Remote Code Execution Vulnerability (2423089)
4985| [901166] Microsoft Office Remote Code Execution Vulnerabilites (2423930)
4986| [901164] Microsoft Windows SChannel Denial of Service Vulnerability (2207566)
4987| [901163] Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111))
4988| [901162] Microsoft Internet Explorer Multiple Vulnerabilities (2360131)
4989| [901161] Microsoft ASP.NET Information Disclosure Vulnerability (2418042)
4990| [901151] Microsoft Internet Information Services Remote Code Execution Vulnerabilities (2267960)
4991| [901150] Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability(2347290)
4992| [901140] Microsoft Windows SMB Code Execution and DoS Vulnerabilities (982214)
4993| [901139] Microsoft Internet Explorer Multiple Vulnerabilities (2183461)
4994| [901119] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (980218)
4995| [901102] Microsoft Windows Media Services Remote Code Execution Vulnerability (980858)
4996| [901097] Microsoft Internet Explorer Multiple Vulnerabilities (978207)
4997| [901095] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
4998| [901069] Microsoft Office Project Remote Code Execution Vulnerability (967183)
4999| [901065] Microsoft Windows IAS Remote Code Execution Vulnerability (974318)
5000| [901064] Microsoft Windows ADFS Remote Code Execution Vulnerability (971726)
5001| [901063] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
5002| [901048] Microsoft Windows Active Directory Denial of Service Vulnerability (973309)
5003| [901041] Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
5004| [901012] Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)
5005| [900973] Microsoft Office Word Remote Code Execution Vulnerability (976307)
5006| [900965] Microsoft Windows SMB2 Negotiation Protocol Remote Code Execution Vulnerability
5007| [900964] Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
5008| [900963] Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)
5009| [900957] Microsoft Windows Patterns & Practices EntLib DOS Vulnerability
5010| [900956] Microsoft Windows Patterns & Practices EntLib Version Detection
5011| [900929] Microsoft JScript Scripting Engine Remote Code Execution Vulnerability (971961)
5012| [900908] Microsoft Windows Message Queuing Privilege Escalation Vulnerability (971032)
5013| [900907] Microsoft Windows AVI Media File Parsing Vulnerabilities (971557)
5014| [900898] Microsoft Internet Explorer 'XSS Filter' XSS Vulnerabilities - Nov09
5015| [900897] Microsoft Internet Explorer PDF Information Disclosure Vulnerability - Nov09
5016| [900891] Microsoft Internet Denial Of Service Vulnerability - Nov09
5017| [900887] Microsoft Office Excel Multiple Vulnerabilities (972652)
5018| [900886] Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (969947)
5019| [900881] Microsoft Windows Indexing Service ActiveX Vulnerability (969059)
5020| [900880] Microsoft Windows ATL COM Initialization Code Execution Vulnerability (973525)
5021| [900879] Microsoft Windows Media Player ASF Heap Overflow Vulnerability (974112)
5022| [900878] Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)
5023| [900877] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
5024| [900876] Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)
5025| [900873] Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)
5026| [900863] Microsoft Internet Explorer 'window.print()' DOS Vulnerability
5027| [900838] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
5028| [900837] Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
5029| [900836] Microsoft Internet Explorer Address Bar Spoofing Vulnerability
5030| [900826] Microsoft Internet Explorer 'location.hash' DOS Vulnerability
5031| [900814] Microsoft Windows WINS Remote Code Execution Vulnerability (969883)
5032| [900813] Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706)
5033| [900809] Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706)
5034| [900808] Microsoft Visual Products Version Detection
5035| [900757] Microsoft Windows Media Player '.AVI' File DOS Vulnerability
5036| [900741] Microsoft Internet Explorer Information Disclosure Vulnerability Feb10
5037| [900740] Microsoft Windows Kernel Could Allow Elevation of Privilege (977165)
5038| [900690] Microsoft Virtual PC/Server Privilege Escalation Vulnerability (969856)
5039| [900689] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
5040| [900670] Microsoft Office Excel Remote Code Execution Vulnerabilities (969462)
5041| [900589] Microsoft ISA Server Privilege Escalation Vulnerability (970953)
5042| [900588] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
5043| [900568] Microsoft Windows Search Script Execution Vulnerability (963093)
5044| [900566] Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
5045| [900476] Microsoft Excel Remote Code Execution Vulnerabilities (968557)
5046| [900465] Microsoft Windows DNS Memory Corruption Vulnerability - Mar09
5047| [900461] Microsoft MSN Live Messneger Denial of Service Vulnerability
5048| [900445] Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)
5049| [900404] Microsoft Windows RTCP Unspecified Remote DoS Vulnerability
5050| [900400] Microsoft Internet Explorer Unicode String DoS Vulnerability
5051| [900391] Microsoft Office Publisher Remote Code Execution Vulnerability (969516)
5052| [900366] Microsoft Internet Explorer Web Script Execution Vulnerabilites
5053| [900365] Microsoft Office Word Remote Code Execution Vulnerabilities (969514)
5054| [900337] Microsoft Internet Explorer Denial of Service Vulnerability - Apr09
5055| [900336] Microsoft Windows Media Player MID File Integer Overflow Vulnerability
5056| [900328] Microsoft Internet Explorer Remote Code Execution Vulnerability (963027)
5057| [900314] Microsoft XML Core Service Information Disclosure Vulnerability
5058| [900303] Microsoft Internet Explorer HTML Form Value DoS Vulnerability
5059| [900299] Microsoft Report Viewer Information Disclosure Vulnerability (2578230)
5060| [900297] Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
5061| [900296] Microsoft Windows TCP/IP Stack Denial of Service Vulnerability (2563894)
5062| [900295] Microsoft Windows DNS Server Remote Code Execution Vulnerability (2562485)
5063| [900294] Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
5064| [900288] Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
5065| [900287] Microsoft SMB Client Remote Code Execution Vulnerabilities (2536276)
5066| [900285] Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
5067| [900282] Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
5068| [900281] Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
5069| [900280] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2508429)
5070| [900279] Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455)
5071| [900278] Microsoft Internet Explorer Multiple Vulnerabilities (2497640)
5072| [900273] Microsoft Remote Desktop Client Remote Code Execution Vulnerability (2508062)
5073| [900267] Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)
5074| [900266] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (2424434)
5075| [900263] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (2296199)
5076| [900262] Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
5077| [900261] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2293386)
5078| [900248] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)
5079| [900246] Microsoft Media Decompression Remote Code Execution Vulnerability (979902)
5080| [900245] Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)
5081| [900241] Microsoft Outlook Express and Windows Mail Remote Code Execution Vulnerability (978542)
5082| [900240] Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (981832)
5083| [900237] Microsoft Windows Authentication Verification Remote Code Execution Vulnerability (981210)
5084| [900236] Microsoft Windows Kernel Could Allow Elevation of Privilege (979683)
5085| [900235] Microsoft Windows Media Player Could Allow Remote Code Execution (979402)
5086| [900232] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (975561)
5087| [900230] Microsoft Windows SMB Server Multiple Vulnerabilities (971468)
5088| [900229] Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
5089| [900228] Microsoft Office (MSO) Remote Code Execution Vulnerability (978214)
5090| [900227] Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability (975713)
5091| [900223] Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
5092| [900192] Microsoft Internet Explorer Information Disclosure Vulnerability
5093| [900187] Microsoft Internet Explorer Argument Injection Vulnerability
5094| [900178] Microsoft Windows 'UnhookWindowsHookEx' Local DoS Vulnerability
5095| [900173] Microsoft Windows Media Player Version Detection
5096| [900172] Microsoft Windows Media Player 'MIDI' or 'DAT' File DoS Vulnerability
5097| [900170] Microsoft iExplorer '&NBSP
5098| [900131] Microsoft Internet Explorer Denial of Service Vulnerability
5099| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
5100| [900120] Microsoft Organization Chart Remote Code Execution Vulnerability
5101| [900108] Microsoft Windows NSlookup.exe Remote Code Execution Vulnerability
5102| [900097] Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
5103| [900095] Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerability (961759)
5104| [900093] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
5105| [900080] Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
5106| [900079] Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
5107| [900064] Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
5108| [900063] Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
5109| [900061] Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
5110| [900058] Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
5111| [900048] Microsoft Excel Remote Code Execution Vulnerability (956416)
5112| [900047] Microsoft Office nformation Disclosure Vulnerability (957699)
5113| [900046] Microsoft Office Remote Code Execution Vulnerabilities (955047)
5114| [900033] Microsoft PowerPoint Could Allow Remote Code Execution Vulnerabilities (949785)
5115| [900029] Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (924090)
5116| [900028] Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
5117| [900025] Microsoft Office Version Detection
5118| [900006] Microsoft Word Could Allow Remote Code Execution Vulnerability
5119| [900004] Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
5120| [855384] Solaris Update for snmp/mibiisa 108870-36
5121| [855273] Solaris Update for snmp/mibiisa 108869-36
5122| [803028] Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
5123| [803007] Microsoft Windows Minimum Certificate Key Length Spoofing Vulnerability (2661254)
5124| [802912] Microsoft Unauthorized Digital Certificates Spoofing Vulnerability (2728973)
5125| [802888] Microsoft Windows Media Service Handshake Sequence DoS Vulnerability
5126| [802886] Microsoft Sidebar and Gadgets Remote Code Execution Vulnerability (2719662)
5127| [802864] Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)
5128| [802774] Microsoft VPN ActiveX Control Remote Code Execution Vulnerability (2695962)
5129| [802726] Microsoft SMB Signing Disabled
5130| [802708] Microsoft Internet Explorer Code Execution and DoS Vulnerabilities
5131| [802634] Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)
5132| [802500] Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
5133| [802468] Compatibility Issues Affecting Signed Microsoft Binaries (2749655)
5134| [802462] Microsoft ActiveSync Null Pointer Dereference Denial Of Service Vulnerability
5135| [802426] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2647518)
5136| [802383] Microsoft Windows Color Control Panel Privilege Escalation Vulnerability
5137| [802379] Microsoft Windows Kernel 'win32k.sys' Memory Corruption Vulnerability
5138| [802287] Microsoft Internet Explorer Cache Objects History Information Disclosure Vulnerability
5139| [802286] Microsoft Internet Explorer Multiple Information Disclosure Vulnerabilities
5140| [802260] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
5141| [802203] Microsoft Internet Explorer Cookie Hijacking Vulnerability
5142| [802202] Microsoft Internet Explorer Cookie Hijacking Vulnerability
5143| [802140] Microsoft Explorer HTTPS Sessions Multiple Vulnerabilities (Windows)
5144| [802136] Microsoft Windows Insecure Library Loading Vulnerability (2269637)
5145| [801991] Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability
5146| [801966] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)
5147| [801935] Microsoft Silverlight Multiple Memory Leak Vulnerabilities
5148| [801934] Microsoft Silverlight Version Detection
5149| [801914] Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability
5150| [801876] Microsoft Internet Explorer 'msxml.dll' Information Disclosure Vulnerability
5151| [801831] Microsoft Internet Explorer Incorrect GUI Display Vulnerability
5152| [801830] Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
5153| [801725] Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
5154| [801721] Microsoft Active Directory Denial of Service Vulnerability (953235)
5155| [801719] Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability (930178)
5156| [801718] Microsoft Windows Vista Information Disclosure Vulnerability (931213)
5157| [801717] Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
5158| [801716] Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability (929123)
5159| [801715] Microsoft XML Core Services Remote Code Execution Vulnerability (936227)
5160| [801713] Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability (941202)
5161| [801707] Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)
5162| [801706] Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities (941644)
5163| [801705] Microsoft Windows TCP/IP Denial of Service Vulnerability (946456)
5164| [801704] Microsoft Internet Information Services Privilege Elevation Vulnerability (942831)
5165| [801702] Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
5166| [801701] Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)
5167| [801677] Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vulnerabilities
5168| [801606] Microsoft Internet Explorer 'mshtml.dll' Information Disclosure Vulnerability
5169| [801598] Microsoft Windows2k3 Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
5170| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
5171| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
5172| [801595] Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities
5173| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
5174| [801580] Microsoft Windows Fax Cover Page Editor BOF Vulnerabilities
5175| [801527] Microsoft Windows 32-bit Platforms Unspecified vulnerabilities
5176| [801491] Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
5177| [801489] Microsoft Office Graphics Filters Remote Code Execution Vulnerabilities (968095)
5178| [801488] Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
5179| [801487] Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerability (941693)
5180| [801486] Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)
5181| [801485] Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability (950762)
5182| [801484] Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerability (953733)
5183| [801483] Microsoft Windows Search Remote Code Execution Vulnerability (959349)
5184| [801482] Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)
5185| [801481] Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
5186| [801480] Microsoft Web Services on Devices API Remote Code Execution Vulnerability (973565)
5187| [801479] Microsoft Windows TCP/IP Could Allow Remote Code Execution (974145)
5188| [801457] Microsoft Windows Address Book Insecure Library Loading Vulnerability
5189| [801456] Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
5190| [801349] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability (June-10)
5191| [801348] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability -june 10
5192| [801345] Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
5193| [801344] Microsoft .NET '__VIEWSTATE' Cross-Site Scripting vulnerability
5194| [801342] Microsoft ASP.NET Cross-Site Scripting vulnerability
5195| [801333] Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities
5196| [801330] Microsoft Internet Explorer Cross Site Data Leakage Vulnerability
5197| [801109] Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09
5198| [801090] Microsoft Windows Indeo Codec Multiple Vulnerabilities
5199| [800968] Microsoft SharePoint Team Services Information Disclosure Vulnerability
5200| [800910] Microsoft Internet Explorer Buffer Overflow Vulnerability - Jul09
5201| [800902] Microsoft Internet Explorer XSS Vulnerability - July09
5202| [800872] Microsoft Internet Explorer 'li' Element DoS Vulnerability - Sep09
5203| [800863] Microsoft Internet Explorer XML Document DoS Vulnerability - Aug09
5204| [800862] Microsoft Windows Kernel win32k.sys Privilege Escalation Vulnerability
5205| [800861] Microsoft Internet Explorer 'findText()' Unicode Parsing DoS Vulnerability
5206| [800845] Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
5207| [800829] Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability
5208| [800742] Microsoft Internet Explorer Unspecified vulnerability
5209| [800700] Microsoft GDIPlus PNG Infinite Loop Vulnerability
5210| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
5211| [800669] Microsoft Internet Explorer Denial Of Service Vulnerability - July09
5212| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
5213| [800505] Microsoft HTML Help Workshop buffer overflow vulnerability
5214| [800504] Microsoft Windows XP SP3 denial of service vulnerability
5215| [800481] Microsoft SharePoint Cross Site Scripting Vulnerability
5216| [800480] Microsoft Windows Media Player '.mpg' Buffer Overflow Vulnerability
5217| [800466] Microsoft Windows TLS/SSL Spoofing Vulnerability (977377)
5218| [800461] Microsoft Internet Explorer Information Disclosure Vulnerability (980088)
5219| [800442] Microsoft Windows GP Trap Handler Privilege Escalation Vulnerability
5220| [800429] Microsoft Internet Explorer Remote Code Execution Vulnerability (979352)
5221| [800382] Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability (967340)
5222| [800347] Microsoft Internet Explorer Clickjacking Vulnerability
5223| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
5224| [800337] Microsoft Internet Explorer NULL Pointer DoS Vulnerability
5225| [800332] Microsoft Windows Live Messenger Information Disclosure Vulnerability
5226| [800331] Microsoft Windows Live Messenger Client Version Detection
5227| [800328] Integer Overflow vulnerability in Microsoft Windows Media Player
5228| [800310] Microsoft Windows Media Services nskey.dll ActiveX BOF Vulnerability
5229| [800267] Microsoft GDIPlus Library File Integer Overflow Vulnerability
5230| [800218] Microsoft Money 'prtstb06.dll' Denial of Service vulnerability
5231| [800217] Microsoft Money Version Detection
5232| [800209] Microsoft Internet Explorer Version Detection (Win)
5233| [800208] Microsoft Internet Explorer Anti-XSS Filter Vulnerabilities
5234| [800083] Microsoft Outlook Express Malformed MIME Message DoS Vulnerability
5235| [800082] Microsoft SQL Server sp_replwritetovarbin() BOF Vulnerability
5236| [800023] Microsoft Windows Image Color Management System Code Execution Vulnerability (952954)
5237| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
5238| [102059] Microsoft Windows Vector Markup Language Buffer Overflow (938127)
5239| [102055] Microsoft Windows GDI Multiple Vulnerabilities (925902)
5240| [102053] Microsoft Windows Vector Markup Language Vulnerabilities (929969)
5241| [102015] Microsoft RPC Interface Buffer Overrun (KB824146)
5242| [101100] Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)
5243| [101017] Microsoft MS03-018 security check
5244| [101016] Microsoft MS03-022 security check
5245| [101015] Microsoft MS03-034 security check
5246| [101014] Microsoft MS00-078 security check
5247| [101012] Microsoft MS03-051 security check
5248| [101010] Microsoft Security Bulletin MS05-004
5249| [101009] Microsoft Security Bulletin MS06-033
5250| [101007] Microsoft dotNET version grabber
5251| [101006] Microsoft Security Bulletin MS06-056
5252| [101005] Microsoft Security Bulletin MS07-040
5253| [101004] Microsoft MS04-017 security check
5254| [101003] Microsoft MS00-058 security check
5255| [101000] Microsoft MS00-060 security check
5256| [100950] Microsoft DNS server internal hostname disclosure detection
5257| [100624] Microsoft Windows SMTP Server DNS spoofing vulnerability
5258| [100607] Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability
5259| [100596] Microsoft Windows SMTP Server MX Record Denial of Service Vulnerability
5260| [100283] Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability
5261| [100062] Microsoft Remote Desktop Protocol Detection
5262| [90024] Windows Vulnerability in Microsoft Jet Database Engine
5263| [80007] Microsoft MS00-06 security check
5264| [13752] Denial of Service (DoS) in Microsoft SMS Client
5265| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
5266| [11874] IIS Service Pack - 404
5267| [11808] Microsoft RPC Interface Buffer Overrun (823980)
5268| [11433] Microsoft ISA Server DNS - Denial Of Service (MS03-009)
5269| [11217] Microsoft's SQL Version Query
5270| [11177] Flaw in Microsoft VM Could Allow Code Execution (810030)
5271| [11146] Microsoft RDP flaws could allow sniffing and DOS(Q324380)
5272| [11142] IIS XSS via IDC error
5273| [11067] Microsoft's SQL Hello Overflow
5274| [11003] IIS Possible Compromise
5275| [10993] IIS ASP.NET Application Trace Enabled
5276| [10991] IIS Global.asa Retrieval
5277| [10936] IIS XSS via 404 error
5278| [10862] Microsoft's SQL Server Brute Force
5279| [10755] Microsoft Exchange Public Folders Information Leak
5280| [10732] IIS 5.0 WebDav Memory Leakage
5281| [10699] IIS FrontPage DoS II
5282| [10695] IIS .IDA ISAPI filter applied
5283| [10674] Microsoft's SQL UDP Info Query
5284| [10673] Microsoft's SQL Blank Password
5285| [10671] IIS Remote Command Execution
5286| [10667] IIS 5.0 PROPFIND Vulnerability
5287| [10661] IIS 5 .printer ISAPI filter applied
5288| [10657] NT IIS 5.0 Malformed HTTP Printer Request Header Buffer Overflow Vulnerability
5289| [10585] IIS FrontPage DoS
5290| [10576] Check for dangerous IIS default files
5291| [10575] Check for IIS .cnf file leakage
5292| [10573] IIS 5.0 Sample App reveals physical path of web root
5293| [10572] IIS 5.0 Sample App vulnerable to cross-site scripting attack
5294| [10537] IIS directory traversal
5295| [10492] IIS IDA/IDQ Path Disclosure
5296| [10491] ASP/ASA source using Microsoft Translate f: bug
5297| [10144] Microsoft SQL TCP/IP listener is running
5298|
5299| SecurityTracker - https://www.securitytracker.com:
5300| [1024070] Microsoft Internet Explorer 8 Developer Tools ActiveX Control Memory Corruption Error Lets Remote Users Execute Arbitrary Code
5301| [1027751] Microsoft Internet Information Server (IIS) FTP Server Lets Remote Users Obtain Files and Local Users Obtain Passwords
5302| [1027223] Microsoft IIS Web Server Discloses Potentially Sensitive Information to Remote Users
5303| [1024921] Microsoft IIS FTP Server Lets Remote Users Deny Service
5304| [1024496] Microsoft Internet Information Server (IIS) Web Server Stack Overflow in Reading POST Data Lets Remote Users Deny Service
5305| [1023387] Microsoft Internet Information Services (IIS) Filename Extension Parsing Configuration Error May Let Users Bypass Security Controls
5306| [1022792] Microsoft Internet Information Server (IIS) FTP Server Buffer Overflows Let Remote Authenticated Users Execute Arbitrary Code and Deny Service
5307| [1016466] Microsoft Internet Information Server (IIS) Buffer Overflow in Processing ASP Pages Lets Remote Authenticated Users Execute Arbitrary Code
5308| [1015376] Microsoft IIS Lets Remote Users Deny Service or Execute Arbitrary Code With Malformed HTTP GET Requests
5309| [1015049] Microsoft Internet Explorer Drag-and-Drop Timing May Let Remote Users Install Arbitrary Files
5310| [1014777] Microsoft IIS ASP Error Page May Disclose System Information in Certain Cases
5311| [1011633] Microsoft IIS WebDAV XML Message Handler Error Lets Remote Users Deny Service
5312| [1010692] Microsoft IIS 4.0 Buffer Overflow in Redirect Function Lets Remote Users Execute Arbitrary Code
5313| [1010610] Microsoft IIS Web Server May Disclose Private IP Addresses in Certain Cases
5314| [1010079] Microsoft IIS ASP Script Cookie Processing Flaw May Disclose Application Information to Remote Users
5315| [1008563] Microsoft IIS Fails to Log HTTP TRACK Requests
5316| [1007262] Microsoft IIS 6.0 Vulnerabilities Permit Cross-Site Scripting and Password Changing Attacks Against Administrators
5317| [1007059] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Has Another Buffer Overflow That Lets Remote Execute Arbitrary Code
5318| [1006867] Microsoft IIS Buffer Overflow Lets Remote Users With Upload Privileges Execute Code - Remote Users Can Also Crash the Service
5319| [1006866] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Lets Remote Execute Arbitrary Code
5320| [1006704] Microsoft IIS Authentication Manager Discloses Validity of User Names to Remote Users
5321| [1006305] Microsoft IIS Web Server WebDAV Buffer Overflow Lets Remote Users Execute Arbitrary Code
5322| [1005505] Microsoft Internet Information Server (IIS) Script Access Control Bug May Let Remote Authenticated Users Upload Unauthorized Executable Files
5323| [1005504] Microsoft Internet Information Server (IIS) WebDAV Memory Allocation Flaw Lets Remote Users Crash the Server
5324| [1005503] Microsoft Internet Information Server (IIS) Administrative Pages Allow Cross-Site Scripting Attacks
5325| [1005502] Microsoft Internet Information Server (IIS) Out-of-Process Access Control Bug Lets Certain Authenticated Users Gain Full Control of the Server
5326| [1005083] Microsoft Internet Information Server (IIS) Web Server Fails to Properly Validate Client-side Certificates, Allowing Remote Users to Impersonate Other Users or Certificate Issuers
5327| [1004757] Microsoft IIS SMTP Service Encapsulation Bug Lets Remote Users Relay Mail and Send SPAM Via the Service
5328| [1004646] ColdFusion MX Buffer Overflow When Used With Microsoft Internet Information Server (IIS) Lets Remote Users Crash the IIS Web Server or Execute Arbitrary Code
5329| [1004526] Microsoft Internet Information Server (IIS) Heap Overflow in HTR ISAPI Extension While Processing Chunked Encoded Data Lets Remote Users Execute Arbitrary Code
5330| [1004044] Cisco CallManager Affected by Microsoft Internet Information Server (IIS) Bugs
5331| [1004032] Microsoft Internet Information Server (IIS) FTP STAT Command Bug Lets Remote Users Crash Both the FTP and the Web Services
5332| [1004031] Microsoft Internet Information Server (IIS) URL Length Bug Lets Remote Users Crash the Web Service
5333| [1004011] Microsoft Internet Information Server (IIS) Buffer Overflow in ASP Server-Side Include Function May Let Remote Users Execute Arbitrary Code on the Web Server
5334| [1004006] Microsoft Internet Information Server (IIS) Off-By-One Heap Overflow in .HTR Processing May Let Remote Users Execute Arbitrary Code on the Server
5335| [1003224] Microsoft Internet Information Server (IIS) Version 4 Lets Local Users Modify the Log File Undetected
5336| [1002778] Microsoft Internet Information Server (IIS) Lets Remote Users Create Bogus Web Log Entries
5337| [1002733] Microsoft IIS 4.0 Configuration Error May Allow Remote Users to Obtain Physical Directory Path Information
5338| [1002651] Microsoft Internet Information Server (IIS) May Disclose PHP Scripting Source Code
5339| [1002212] Microsoft IIS Web Server Contains Multiple Vulnerabilities That Allow Local Users to Gain System Privileges and Allow Remote Users to Cause the Web Server to Crash
5340| [1002161] Microsoft Internet Information Server (IIS) Web Server Discloses Internal IP Addresses or NetBIOS Host Names to Remote Users
5341| [1001818] Microsoft Internet Information Server (IIS) Web Server Discloses ASP Source Code When Installed on FAT-based Filesystem
5342| [1001576] eEye Digital Security's SecureIIS Application Firewall for Microsoft Web Servers Fails to Filter Certain Web URL Characters, Allowing Remote Users to Bypass the SecureIIS Firewall
5343| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
5344| [1001530] Microsoft IIS Web Server Allows Remote Users to Execute Commands on the Server Due to CGI Decoding Error
5345| [1001483] Microsoft IIS Web Server Lets Remote Users Restart the Web Server with Another Specially Crafted PROPFIND XML Command
5346| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
5347| [1001402] Microsoft IIS Web Server Can Be Effectively Shutdown By Certain Internal-Network Attacks When The Underlying OS Supports User Account Lockouts
5348| [1001116] Microsoft Personal Web Server Contains An Old Internet Information Server (IIS) Vulnerability Allowing Unauthorized Directory Listings and Possible Code Execution For Remote Users
5349| [1001050] Microsoft IIS 5.0 Web Server Can Be Restarted Remotely By Any User
5350|
5351| OSVDB - http://www.osvdb.org:
5352| [91269] Microsoft Windows 8 TrueType Font (TTF) Handling Unspecified DoS
5353| [65218] Microsoft IE 8 Developer Tools ActiveX Remote Code Execution
5354| [87555] Adobe ColdFusion for Microsoft IIS Unspecified DoS
5355| [87262] Microsoft IIS FTP Command Injection Information Disclosure
5356| [87261] Microsoft IIS Log File Permission Weakness Local Password Disclosure
5357| [86899] Microsoft IIS 302 Redirect Message Internal IP Address Remote Disclosure
5358| [83771] Microsoft IIS Tilde Character Request Parsing File / Folder Name Information Disclosure
5359| [83454] Microsoft IIS ODBC Tool ctguestb.idc Unauthenticated Remote DSN Initialization
5360| [83386] Microsoft IIS Non-existent IDC File Request Web Root Path Disclosure
5361| [82848] Microsoft IIS $INDEX_ALLOCATION Data Stream Request Authentication Bypass
5362| [76237] Microsoft Forefront Unified Access Gateway IIS NULL Session Cookie Parsing Remote DoS
5363| [71856] Microsoft IIS Status Header Handling Remote Overflow
5364| [70167] Microsoft IIS FTP Server Telnet IAC Character Handling Overflow
5365| [67980] Microsoft IIS Unspecified Remote Directory Authentication Bypass
5366| [67979] Microsoft IIS FastCGI Request Header Handling Remote Overflow
5367| [67978] Microsoft IIS Repeated Parameter Request Unspecified Remote DoS
5368| [66160] Microsoft IIS Basic Authentication NTFS Stream Name Permissions Bypass
5369| [65216] Microsoft IIS Extended Protection for Authentication Memory Corruption
5370| [62229] Microsoft IIS Crafted DNS Response Inverse Lookup Log Corruption XSS
5371| [61432] Microsoft IIS Colon Safe Extension NTFS ADS Filename Syntax Arbitrary Remote File Creation
5372| [61294] Microsoft IIS ASP Crafted semicolon Extension Security Bypass
5373| [61249] Microsoft IIS ctss.idc table Parameter SQL Injection
5374| [59892] Microsoft IIS Malformed Host Header Remote DoS
5375| [59621] Microsoft IIS CodeBrws.asp Off-By-One File Check Bypass Source Disclosure
5376| [59561] Microsoft IIS CodeBrws.asp Encoded Traversal Arbitrary File Source Disclosure
5377| [59360] Microsoft IIS ASP Page Visual Basic Script Malformed Regex Parsing DoS
5378| [57753] Microsoft IIS FTP Server Crafted Recursive Listing Remote DoS
5379| [57589] Microsoft IIS FTP Server NLST Command Remote Overflow
5380| [56474] Microsoft IIS WebDAV Extension URL Decode Crafted HTTP Request Authentication Bypass
5381| [55269] Microsoft IIS Traversal GET Request Remote DoS
5382| [54555] Microsoft IIS WebDAV Unicode URI Request Authentication Bypass
5383| [52924] Microsoft IIS WebDAV PROPFIND Method Forced Directory Listing
5384| [52680] Microsoft IIS httpext.dll WebDav LOCK Method Nonexistent File Request Parsing Memory Exhaustion Remote DoS
5385| [52238] Microsoft IIS IDC Extension XSS
5386| [49899] Microsoft IIS iissext.dll Unspecified ActiveX SetPassword Method Remote Password Manipulation
5387| [49730] Microsoft IIS ActiveX (adsiis.dll) GetObject Method Remote DoS
5388| [49059] Microsoft IIS IPP Service Unspecified Remote Overflow
5389| [45583] Microsoft IIS w/ Visual Interdev Unspecified Authentication Bypass
5390| [43451] Microsoft IIS HTTP Request Smuggling
5391| [41456] Microsoft IIS File Change Handling Local Privilege Escalation
5392| [41445] Microsoft IIS ASP Web Page Input Unspecified Arbitrary Code Execution
5393| [41091] Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass
5394| [41063] Microsoft IIS ODBC Tool newdsn.exe Remote DSN Creation
5395| [41057] Microsoft IIS w/ .NET MS-DOS Device Request Blacklist Bypass
5396| [35950] Microsoft IIS IUSR_Machine Account Arbitrary Non-EXE Command Execution
5397| [33457] Microsoft IIS Crafted TCP Connection Range Header DoS
5398| [28260] Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure
5399| [27152] Microsoft Windows IIS ASP Page Processing Overflow
5400| [27087] Microsoft IIS SMTP Encapsulated SMTP Address Open Relay
5401| [23590] Microsoft IIS Traversal Arbitrary FPSE File Access
5402| [21805] Microsoft IIS Crafted URL Remote DoS
5403| [21537] Microsoft IIS Log File Permission Weakness Remote Modification
5404| [18926] Microsoft IIS SERVER_NAME Variable Spoofing Filter Bypass
5405| [17124] Microsoft IIS Malformed WebDAV Request DoS
5406| [17123] Microsoft IIS Multiple Unspecified Admin Pages XSS
5407| [17122] Microsoft IIS Permission Weakness .COM File Upload
5408| [15749] Microsoft IIS / Site Server code.asp Arbitrary File Access
5409| [15342] Microsoft IIS Persistent FTP Banner Information Disclosure
5410| [14229] Microsoft IIS asp.dll Scripting.FileSystemObject Malformed Program DoS
5411| [13985] Microsoft IIS Malformed HTTP Request Log Entry Spoofing
5412| [13760] Microsoft IIS Malformed URL Request DoS
5413| [13759] Microsoft IIS ISAPI .ASP Parser Script Tag LANGUAGE Argument Overflow
5414| [13634] Microsoft IIS Inetinfo.exe Malformed Long Mail File Name DoS
5415| [13558] Microsoft IIS SSL Request Resource Exhaustion DoS
5416| [13507] Microsoft IIS showfile.asp FileSystemObject Arbitrary File Access
5417| [13479] Microsoft IIS for Far East Parsed Page Source Disclosure
5418| [13473] Microsoft IIS on FAT Partition Local ASP Source Disclosure
5419| [13439] Microsoft IIS HTTP Request Malformed Content-Length Parsing Remote DoS
5420| [13433] Microsoft IIS WebDAV MKCOL Method Location Server Header Internal IP Disclosure
5421| [13432] Microsoft IIS WebDAV WRITE Location Server Header Internal IP Disclosure
5422| [13431] Microsoft IIS WebDAV Malformed PROPFIND Request Internal IP Disclosure
5423| [13430] Microsoft IIS aexp4.htr Password Policy Bypass
5424| [13429] Microsoft IIS aexp3.htr Password Policy Bypass
5425| [13428] Microsoft IIS aexp2b.htr Password Policy Bypass
5426| [13427] Microsoft IIS aexp2.htr Password Policy Bypass
5427| [13426] Microsoft IIS NTLM Authentication Request Parsing Remote Information Disclosure
5428| [13385] Microsoft IIS WebDAV Long PROPFIND/SEARCH Request DoS
5429| [11455] Microsoft IIS / PWS DOS Filename Request Access Bypass
5430| [11452] Microsoft IIS Double Byte Code Arbitrary Source Disclosure
5431| [11277] Microsoft IIS SSL ISAPI Filter Cleartext Information Disclosure
5432| [11257] Microsoft IIS Malformed GET Request DoS
5433| [11157] Microsoft IIS FTP Service PASV Connection Saturation DoS
5434| [11101] Microsoft IIS Multiple Slash ASP Page Request DoS
5435| [9315] Microsoft IIS getdrvs.exe ODBC Sample Information Disclosure
5436| [9314] Microsoft IIS mkilog.exe ODBC Sample Arbitrary Command Execution
5437| [9200] Microsoft IIS Unspecified XSS Variant
5438| [9199] Microsoft IIS shtml.dll XSS
5439| [8098] Microsoft IIS Virtual Directory ASP Source Disclosure
5440| [7807] Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure
5441| [7737] Microsoft IIS ASP Redirection Function XSS
5442| [7265] Microsoft IIS .ASP Session ID Disclosure and Hijacking
5443| [5851] Microsoft IIS Single Dot Source Code Disclosure
5444| [5736] Microsoft IIS Relative Path System Privilege Escalation
5445| [5693] Microsoft MS00-060 Patch IIS Malformed Request DoS
5446| [5633] Microsoft IIS Invalid WebDAV Request DoS
5447| [5606] Microsoft IIS WebDAV PROPFIND Request DoS
5448| [5584] Microsoft IIS URL Redirection Malformed Length DoS
5449| [5566] Microsoft IIS Form_VBScript.asp XSS
5450| [5316] Microsoft IIS ISAPI HTR Chunked Encoding Overflow
5451| [4864] Microsoft IIS TRACK Logging Failure
5452| [4863] Microsoft IIS Active Server Page Header DoS
5453| [4791] Microsoft IIS Response Object DoS
5454| [4655] Microsoft IIS ssinc.dll Long Filename Overflow
5455| [4535] Microsoft Media Services ISAPI nsiislog.dll POST Overflow
5456| [3512] Microsoft IIS ODBC Tool getdrvrs.exe Remote DSN Creation
5457| [3500] Microsoft IIS fpcount.exe Remote Overflow
5458| [3341] Microsoft IIS Redirect Response XSS
5459| [3339] Microsoft IIS HTTP Error Page XSS
5460| [3338] Microsoft IIS Help File XSS
5461| [3328] Microsoft IIS FTP Status Request DoS
5462| [3326] Microsoft IIS w3svc.dll ISAPI Filter URL Handling Remote DoS
5463| [3325] Microsoft IIS HTR ISAPI Overflow
5464| [3323] Microsoft IIS ISAPI .printer Extension Host Header Overflow
5465| [3320] Microsoft IIS ASP Server-Side Include Buffer Overflow
5466| [3316] Microsoft IIS HTTP Header Field Delimiter Overflow
5467| [3301] Microsoft IIS ASP Chunked Encoding Variant Heap Overflow
5468| [3284] Microsoft IIS Winmsdp.exe Arbitrary File Retrieval
5469| [3231] Microsoft IIS Log Bypass
5470| [2106] Microsoft Media Services ISAPI nsiislog.dll Overflow
5471| [1931] Microsoft IIS MIME Content-Type Header DoS
5472| [1930] Microsoft IIS SSI ssinc.dll Filename Handling Overflow
5473| [1826] Microsoft IIS Domain Guest Account Disclosure
5474| [1824] Microsoft IIS FTP DoS
5475| [1804] Microsoft IIS Long Request Parsing Remote DoS
5476| [1770] Microsoft IIS WebDAV Malformed PROPFIND Request Remote DoS
5477| [1750] Microsoft IIS File Fragment Disclosure
5478| [1543] Microsoft NT/IIS Invalid URL Request DoS
5479| [1504] Microsoft IIS File Permission Canonicalization Bypass
5480| [1465] Microsoft IIS .htr Missing Variable DoS
5481| [1325] Microsoft IIS Malformed Filename Request File Fragment Disclosure
5482| [1322] Microsoft IIS Malformed .htr Request DoS
5483| [1281] Microsoft IIS Escaped Character Saturation Remote DoS
5484| [1261] Microsoft IIS Chunked Transfer Encoding Remote Overflow DoS
5485| [1210] Microsoft IIS WebHits.dll ISAPI Filter Traversal Arbitrary File Access
5486| [1170] Microsoft IIS Escape Character URL Access Bypass
5487| [1083] Microsoft IIS FTP NO ACCESS Read/Delete File
5488| [1082] Microsoft IIS Domain Resolution Access Bypass
5489| [1041] Microsoft IIS Malformed HTTP Request Header DoS
5490| [1020] Microsoft IIS ISAPI GetExtensionVersion() Privilege Escalation
5491| [930] Microsoft IIS Shared ASP Cache Information Disclosure
5492| [929] Microsoft IIS FTP Server NLST Command Overflow
5493| [928] Microsoft IIS Long Request Log Evasion
5494| [815] Microsoft IIS ASP.NET trace.axd Application Tracing Information Disclosure
5495| [814] Microsoft IIS global.asa Remote Information Disclosure
5496| [782] Microsoft IIS / Site Server codebrws.asp Arbitrary File Access
5497| [771] Microsoft IIS Hosting Process (dllhost.exe) Out of Process Application Unspecified Privilege Escalation
5498| [768] Microsoft IIS ASP Chunked Encoding Heap Overflow
5499| [636] Microsoft IIS sqlqhit.asp Sample Script CiScope Parameter Information Disclosure
5500| [630] Microsoft IIS Multiple Malformed Header Field Internal IP Address Disclosure
5501| [568] Microsoft IIS idq.dll IDA/IDQ ISAPI Remote Overflow
5502| [564] Microsoft IIS ISM.dll Fragmented Source Disclosure
5503| [556] Microsoft IIS/PWS Encoded Filename Arbitrary Command Execution
5504| [525] Microsoft IIS Webserver Invalid Filename Request Arbitrary Command Execution
5505| [482] Microsoft IIS FrontPage Server Extensions (FPSE) Malformed Form DoS
5506| [475] Microsoft IIS bdir.htr Arbitrary Directory Listing
5507| [474] Microsoft IIS / Site Server viewcode.asp Arbitrary File Access
5508| [473] Microsoft IIS Multiple .cnf File Information Disclosure
5509| [471] Microsoft IIS ServerVariables_Jscript.asp Path Disclosure
5510| [470] Microsoft IIS Form_JScript.asp XSS
5511| [463] Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow
5512| [436] Microsoft IIS Unicode Remote Command Execution
5513| [425] Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing
5514| [391] Microsoft IIS IDA/IDQ Document Root Path Disclosure
5515| [390] Microsoft IIS Translate f: Request ASP Source Disclosure
5516| [308] Microsoft IIS Malformed File Extension URL DoS
5517| [285] Microsoft IIS repost.asp File Upload
5518| [284] Microsoft IIS IISADMPWD Virtual Directory Information Enumeration
5519| [283] Microsoft IIS /iissamples Multiple Sample Scripts Installed
5520| [277] Microsoft IIS / PWS %2e Request ASP Source Disclosure
5521| [276] Microsoft IIS ASP::$DATA Stream Request ASP Source Disclosure
5522| [275] Microsoft IIS newdsn.exe Remote Arbitrary File Creation
5523| [274] Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution
5524| [273] Microsoft IIS Upgrade ism.dll Local Privilege Escalation
5525| [272] Microsoft IIS MDAC RDS Arbitrary Remote Command Execution
5526| [271] Microsoft IIS WebHits null.htw .asp Source Disclosure
5527| [98] Microsoft IIS perl.exe HTTP Path Disclosure
5528| [97] Microsoft IIS ISM.DLL HTR Request Overflow
5529| [96] Microsoft IIS idq.dll Traversal Arbitrary File Access
5530| [7] Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access
5531| [4] Microsoft IIS ExAir advsearch.asp Direct Request Remote DoS
5532| [3] Microsoft IIS ExAir query.asp Direct Request Remote DoS
5533| [2] Microsoft IIS ExAir search.asp Direct Request DoS
5534|_
5535Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
5536OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
5537No OS matches for host
5538Network Distance: 10 hops
5539Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
5540
5541TRACEROUTE (using port 80/tcp)
5542HOP RTT ADDRESS
55431 276.63 ms 10.250.204.1
55442 276.69 ms 45.131.4.3
55453 276.68 ms 109.236.95.226
55464 276.72 ms 109.236.95.173
55475 276.74 ms ae3.amster51.ams.seabone.net (195.22.213.126)
55486 276.79 ms racc.istanbul4.ist.seabone.net (93.186.132.157)
55497 276.78 ms superonline.istanbul1.ist.seabone.net (93.186.132.155)
55508 ... 9
555110 276.88 ms 2.58.141.20
5552
5553NSE: Script Post-scanning.
5554Initiating NSE at 22:00
5555Completed NSE at 22:00, 0.00s elapsed
5556Initiating NSE at 22:00
5557Completed NSE at 22:00, 0.00s elapsed
5558Read data files from: /usr/bin/../share/nmap
5559OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
5560Nmap done: 1 IP address (1 host up) scanned in 214.62 seconds
5561 Raw packets sent: 157 (12.876KB) | Rcvd: 39 (4.006KB)
5562#######################################################################################################################################
5563Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-17 22:00 EDT
5564NSE: Loaded 47 scripts for scanning.
5565NSE: Script Pre-scanning.
5566Initiating NSE at 22:00
5567Completed NSE at 22:00, 0.00s elapsed
5568Initiating NSE at 22:00
5569Completed NSE at 22:00, 0.00s elapsed
5570Initiating Parallel DNS resolution of 1 host. at 22:00
5571Completed Parallel DNS resolution of 1 host. at 22:00, 0.18s elapsed
5572Initiating UDP Scan at 22:00
5573Scanning 2.58.141.20 [15 ports]
5574Completed UDP Scan at 22:00, 5.28s elapsed (15 total ports)
5575Initiating Service scan at 22:00
5576Scanning 13 services on 2.58.141.20
5577Service scan Timing: About 7.69% done; ETC: 22:21 (0:19:36 remaining)
5578Completed Service scan at 22:02, 102.60s elapsed (13 services on 1 host)
5579Initiating OS detection (try #1) against 2.58.141.20
5580Retrying OS detection (try #2) against 2.58.141.20
5581Initiating Traceroute at 22:02
5582Completed Traceroute at 22:02, 7.25s elapsed
5583Initiating Parallel DNS resolution of 1 host. at 22:02
5584Completed Parallel DNS resolution of 1 host. at 22:02, 0.00s elapsed
5585NSE: Script scanning 2.58.141.20.
5586Initiating NSE at 22:02
5587Completed NSE at 22:02, 8.15s elapsed
5588Initiating NSE at 22:02
5589NSOCK ERROR [133.5980s] mksock_bind_addr(): Bind to 0.0.0.0:123 failed (IOD #14): Address already in use (98)
5590Completed NSE at 22:02, 2.34s elapsed
5591Nmap scan report for 2.58.141.20
5592Host is up (0.24s latency).
5593
5594PORT STATE SERVICE VERSION
559553/udp open|filtered domain
559667/udp open|filtered dhcps
559768/udp open|filtered dhcpc
559869/udp open|filtered tftp
559988/udp open|filtered kerberos-sec
5600123/udp open|filtered ntp
5601137/udp filtered netbios-ns
5602138/udp filtered netbios-dgm
5603139/udp open|filtered netbios-ssn
5604161/udp open|filtered snmp
5605162/udp open|filtered snmptrap
5606389/udp open|filtered ldap
5607500/udp open|filtered isakmp
5608|_ike-version: ERROR: Script execution failed (use -d to debug)
5609520/udp open|filtered route
56102049/udp open|filtered nfs
5611Too many fingerprints match this host to give specific OS details
5612
5613TRACEROUTE (using port 137/udp)
5614HOP RTT ADDRESS
56151 229.84 ms 10.250.204.1
56162 ... 3
56174 99.62 ms 10.250.204.1
56185 302.69 ms 10.250.204.1
56196 302.69 ms 10.250.204.1
56207 302.69 ms 10.250.204.1
56218 302.67 ms 10.250.204.1
56229 201.55 ms 10.250.204.1
562310 101.49 ms 10.250.204.1
562411 ... 18
562519 223.14 ms 10.250.204.1
562620 100.30 ms 10.250.204.1
562721 ... 27
562828 106.33 ms 10.250.204.1
562929 ...
563030 100.11 ms 10.250.204.1
5631
5632NSE: Script Post-scanning.
5633Initiating NSE at 22:02
5634Completed NSE at 22:02, 0.00s elapsed
5635Initiating NSE at 22:02
5636Completed NSE at 22:02, 0.00s elapsed
5637#######################################################################################################################################
5638Hosts
5639=====
5640
5641address mac name os_name os_flavor os_sp purpose info comments
5642------- --- ---- ------- --------- ----- ------- ---- --------
56432.58.141.20 Unknown device
5644
5645Services
5646========
5647
5648host port proto name state info
5649---- ---- ----- ---- ----- ----
56502.58.141.20 53 udp domain unknown
56512.58.141.20 67 udp dhcps unknown
56522.58.141.20 68 udp dhcpc unknown
56532.58.141.20 69 udp tftp unknown
56542.58.141.20 88 udp kerberos-sec unknown
56552.58.141.20 123 udp ntp unknown
56562.58.141.20 137 udp netbios-ns filtered
56572.58.141.20 138 udp netbios-dgm filtered
56582.58.141.20 139 udp netbios-ssn unknown
56592.58.141.20 161 udp snmp unknown
56602.58.141.20 162 udp snmptrap unknown
56612.58.141.20 389 udp ldap unknown
56622.58.141.20 500 udp isakmp unknown
56632.58.141.20 520 udp route unknown
56642.58.141.20 2049 udp nfs unknown
5665#######################################################################################################################################
5666 Anonymous JTSEC #OpTurkey Full Recon #13