Filtered by vendor Microsoft
Subscribe
Total
19372 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0824 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 4.6 MEDIUM | N/A |
| A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. | |||||
| CVE-2001-1243 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 5.0 MEDIUM | N/A |
| Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. | |||||
| CVE-2001-1518 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 2.1 LOW | N/A |
| RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability. | |||||
| CVE-2000-0756 | 1 Microsoft | 1 Outlook | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service. | |||||
| CVE-2002-0054 | 1 Microsoft | 2 Exchange Server, Windows 2000 | 2024-02-04 | 7.5 HIGH | N/A |
| SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. | |||||
| CVE-2003-1437 | 6 Bea, Hp, Ibm and 3 more | 8 Weblogic Server, Hp-ux, Aix and 5 more | 2024-02-04 | 2.1 LOW | N/A |
| BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. | |||||
| CVE-1999-1035 | 1 Microsoft | 1 Internet Information Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. | |||||
| CVE-2001-0544 | 1 Microsoft | 1 Internet Information Services | 2024-02-04 | 2.1 LOW | N/A |
| IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table. | |||||
| CVE-2001-0006 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 2.1 LOW | 7.1 HIGH |
| The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability. | |||||
| CVE-2004-1686 | 1 Microsoft | 1 Ie | 2024-02-04 | 5.0 MEDIUM | N/A |
| Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin. | |||||
| CVE-2000-0631 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 5.0 MEDIUM | N/A |
| An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability. | |||||
| CVE-2000-0115 | 1 Microsoft | 1 Internet Information Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page. | |||||
| CVE-1999-1222 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
| Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup. | |||||
| CVE-2002-0373 | 1 Microsoft | 1 Windows Media Player | 2024-02-04 | 7.2 HIGH | N/A |
| The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service". | |||||
| CVE-2002-1181 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. | |||||
| CVE-2002-1139 | 1 Microsoft | 3 Windows 98 Plus Pack, Windows Me, Windows Xp | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression." | |||||
| CVE-2004-1319 | 2 Microsoft, Nortel | 9 Windows 2000, Windows 2003 Server, Windows 98 and 6 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. | |||||
| CVE-1999-0407 | 1 Microsoft | 1 Internet Information Server | 2024-02-04 | 10.0 HIGH | N/A |
| By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | |||||
| CVE-2003-0116 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution." | |||||
| CVE-1999-1234 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
| LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo. | |||||