Filtered by vendor Microsoft
Subscribe
Total
19372 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0542 | 1 Microsoft | 1 Sql Server | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879. | |||||
| CVE-2002-0692 | 1 Microsoft | 3 Frontpage Server Extensions, Windows 2000, Windows Xp | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request. | |||||
| CVE-2000-1087 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-04 | 4.6 MEDIUM | N/A |
| The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
| CVE-2001-0003 | 1 Microsoft | 4 Office, Windows 2000, Windows Me and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability. | |||||
| CVE-2003-0815 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
| Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. | |||||
| CVE-1999-0999 | 1 Microsoft | 1 Sql Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. | |||||
| CVE-1999-0278 | 1 Microsoft | 2 Internet Information Server, Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
| In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. | |||||
| CVE-1999-1132 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. | |||||
| CVE-1999-0489 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 10.0 HIGH | N/A |
| MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. | |||||
| CVE-2001-0091 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 2.6 LOW | N/A |
| The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability. | |||||
| CVE-2002-0024 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
| File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. | |||||
| CVE-2003-0011 | 1 Microsoft | 1 Isa Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled. | |||||
| CVE-2003-0469 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag. | |||||
| CVE-2002-0650 | 1 Microsoft | 1 Sql Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop. | |||||
| CVE-2001-0340 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 7.5 HIGH | N/A |
| An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. | |||||
| CVE-2000-0709 | 1 Microsoft | 1 Frontpage | 2024-02-04 | 5.0 MEDIUM | N/A |
| The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name. | |||||
| CVE-1999-0488 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
| Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability. | |||||
| CVE-2004-0574 | 1 Microsoft | 4 Exchange Server, Windows 2000, Windows Nt and 1 more | 2024-02-04 | 10.0 HIGH | N/A |
| The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. | |||||
| CVE-2001-1410 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
| Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering. | |||||
| CVE-2002-1790 | 1 Microsoft | 3 Exchange Server, Internet Information Server, Internet Information Services | 2024-02-04 | 5.0 MEDIUM | N/A |
| The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. | |||||