Filtered by vendor Microsoft
Subscribe
Total
19372 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0391 | 1 Microsoft | 3 Terminal Server, Windows 2000, Windows Nt | 2024-02-04 | 7.5 HIGH | N/A |
| The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. | |||||
| CVE-2003-0825 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Nt | 2024-02-04 | 9.3 HIGH | N/A |
| The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-1999-0281 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 5.0 MEDIUM | N/A |
| Denial of service in IIS using long URLs. | |||||
| CVE-2004-0207 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows 98 and 2 more | 2024-02-04 | 2.1 LOW | N/A |
| "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions. | |||||
| CVE-2001-0151 | 1 Microsoft | 1 Internet Information Services | 2024-02-04 | 5.0 MEDIUM | N/A |
| IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. | |||||
| CVE-2001-1186 | 1 Microsoft | 1 Internet Information Services | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection. | |||||
| CVE-2002-0372 | 1 Microsoft | 1 Windows Media Player | 2024-02-04 | 7.5 HIGH | N/A |
| Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player". | |||||
| CVE-2000-0630 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 5.0 MEDIUM | N/A |
| IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability. | |||||
| CVE-1999-0387 | 1 Microsoft | 2 Windows 95, Windows 98 | 2024-02-04 | 7.8 HIGH | N/A |
| A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. | |||||
| CVE-2000-1081 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-04 | 4.6 MEDIUM | N/A |
| The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
| CVE-1999-0258 | 1 Microsoft | 2 Windows 95, Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
| Bonk variation of teardrop IP fragmentation denial of service. | |||||
| CVE-2003-1041 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
| Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. | |||||
| CVE-2002-0150 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. | |||||
| CVE-2000-0662 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED). | |||||
| CVE-2002-0053 | 1 Microsoft | 6 Windows 2000, Windows 95, Windows 98 and 3 more | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available. | |||||
| CVE-1999-0980 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
| Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request. | |||||
| CVE-2002-0719 | 1 Microsoft | 1 Content Management Server | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files. | |||||
| CVE-2002-0864 | 1 Microsoft | 4 .net Windows Server, Windows 2000, Windows 2000 Terminal Services and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop." | |||||
| CVE-2004-0216 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 10.0 HIGH | N/A |
| Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow. | |||||
| CVE-1999-1233 | 1 Microsoft | 1 Internet Information Server | 2024-02-04 | 7.5 HIGH | N/A |
| IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. | |||||