Index Server

index_server

Vendor: Microsoft • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2001-0986 1Microsoft 1Index Server Apr 16, 2026 Sep 14, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a...Show more SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.Show less
CVE-2001-0500 1Microsoft 3Index Server Indexing ServiceInternet Information Server Apr 16, 2026 Jul 21, 2001 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administra...Show more Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.Show less
CVE-2001-0245 1Microsoft 2Index Server Indexing Service Apr 16, 2026 Jun 27, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highli...Show more Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.Show less
CVE-2001-0244 1Microsoft 1Index Server Apr 16, 2026 Jun 27, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
CVE-2000-0302 1Microsoft 1Index Server Apr 16, 2026 Mar 31, 2000 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.
CVE-2000-0098 1Microsoft 1Index Server Apr 16, 2026 Jan 26, 2000 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.
CVE-2000-0097 1Microsoft 1Index Server Apr 16, 2026 Jan 26, 2000 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.
CVE-1999-1011 1Microsoft 4Data Access Components Index ServerInternet Information Server+1 more Apr 16, 2026 Jul 19, 1999 N/A· v4 N/A· v3 10.0 HIGH· v2 The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
CVE-1999-1397 1Microsoft 1Index Server Apr 16, 2026 Mar 23, 1999 N/A· v4 N/A· v3 7.5 HIGH· v2 Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directori...Show more Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.Show less