Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Jesse La Grew

Threat Level: green

Date	Author	Title
IIS BUG
2010-12-22	John Bambenek	IIS 7.5 0-Day DoS (processing FTP requests)
2009-12-28	Johannes Ullrich	8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug)
IIS
2015-04-15/a>	Johannes Ullrich	MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
2010-12-22/a>	John Bambenek	IIS 7.5 0-Day DoS (processing FTP requests)
2010-06-09/a>	Deborah Hale	Mass Infection of IIS/ASP Sites
2009-12-29/a>	Rick Wanner	Microsoft responds to possible IIS 6 0-day
2009-12-28/a>	Johannes Ullrich	8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug)
2009-12-27/a>	Patrick Nolan	Pressure increasing for Microsoft to patch IIS 0 day
2009-12-24/a>	Guy Bruneau	Microsoft IIS File Parsing Extension Vulnerability
2009-09-08/a>	Adrien de Beaupre	Microsoft Security Advisory 975191 Revised
2009-09-04/a>	Adrien de Beaupre	Vulnerabilities (plural) in MS IIS FTP Service 5.0, 5.1. 6.0, 7.0
2009-05-24/a>	Raul Siles	IIS admins, help finding WebDAV remotely using nmap
2009-05-21/a>	Adrien de Beaupre	IIS admins, help finding WebDAV
2009-05-15/a>	Daniel Wesemann	IIS6.0 WebDav Remote Auth Bypass
2009-01-12/a>	William Salusky	Web Application Firewalls (WAF) - Have you deployed WAF technology?
2008-04-18/a>	John Bambenek	IIS Vulnerability Documented by Microsoft - Includes Workarounds
BUG
2022-08-23/a>	Xavier Mertens	Who's Looking at Your security.txt File?
2022-01-02/a>	Guy Bruneau	Exchange Server - Email Trapped in Transport Queues
2021-09-29/a>	Yee Ching Tok	Keeping Track of Time: Network Time Protocol and a GPSD Bug
2021-08-20/a>	Xavier Mertens	Waiting for the C2 to Show Up
2021-07-06/a>	Xavier Mertens	Python DLL Injection Check
2021-05-21/a>	Xavier Mertens	Locking Kernel32.dll As Anti-Debugging Technique
2021-01-30/a>	Guy Bruneau	Wireshark 3.2.11 is now available which contains Bug Fixes - https://www.wireshark.org
2020-09-24/a>	Xavier Mertens	Party in Ibiza with PowerShell
2020-06-11/a>	Xavier Mertens	Anti-Debugging JavaScript Techniques
2020-06-04/a>	Xavier Mertens	Anti-Debugging Technique based on Memory Protection
2017-02-25/a>	Guy Bruneau	Unpatched Microsoft Edge and IE Bug
2016-02-27/a>	Guy Bruneau	Wireshark Fixes Several Bugs and Vulnerabilities
2015-02-12/a>	Johannes Ullrich	Did You Remove That Debug Code? Netatmo Weather Station Sending WPA Passphrase in the Clear
2014-09-19/a>	Guy Bruneau	PHP Fixes Several Bugs in Version 5.4 and 5.5
2014-04-08/a>	Guy Bruneau	OpenSSL CVE-2014-0160 Fixed
2013-07-28/a>	Guy Bruneau	Wireshark 1.8.9 and 1.10.1 Security Update
2013-06-22/a>	Guy Bruneau	Facebook Reports a Potential Leak of User Data
2012-03-27/a>	Guy Bruneau	Wireshark 1.6.6 and 1.4.2 Released
2012-03-27/a>	Guy Bruneau	Opera 11.62 for Windows patch several bugs and vulnerabilities - http://www.opera.com/docs/changelogs/windows/1162/
2010-12-22/a>	John Bambenek	IIS 7.5 0-Day DoS (processing FTP requests)
2010-04-10/a>	Andre Ludwig	New bug/exploit for javaws
2010-02-26/a>	Rick Wanner	New version of FireBug Firefox plug-in - http://getfirebug.com/
2009-12-28/a>	Johannes Ullrich	8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug)
2009-10-26/a>	Johannes Ullrich	Today: ISC Login bugfix day. If you have issues logging in using OpenID, please email a copy of your OpenID URL to jullrich\at\sans.edu
2009-08-31/a>	Pedro Bueno	Microsoft IIS 5/6 FTP 0Day released
2009-07-17/a>	John Bambenek	Cross-Platform, Cross-Browser DoS Vulnerability
2008-07-11/a>	Jim Clausing	And you thought the DNS issue was an old one...

IIS BUG

IIS

BUG