Filtered by vendor Microsoft
Subscribe
Total
19372 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0738 | 1 Microsoft | 1 Internet Information Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
| CVE-2000-0202 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-04 | 7.5 HIGH | N/A |
| Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. | |||||
| CVE-2000-0331 | 1 Microsoft | 3 Terminal Server, Windows 2000, Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability. | |||||
| CVE-2002-0693 | 1 Microsoft | 7 Windows 2000, Windows 2000 Terminal Services, Windows 98 and 4 more | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function. | |||||
| CVE-2001-0045 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 10.0 HIGH | N/A |
| The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities. | |||||
| CVE-2002-0443 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords. | |||||
| CVE-2004-0503 | 1 Microsoft | 1 Outlook | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502. | |||||
| CVE-2004-0484 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 2.6 LOW | N/A |
| mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table, which may trigger a null dereference. | |||||
| CVE-2001-0016 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 7.2 HIGH | N/A |
| NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access. | |||||
| CVE-2002-1184 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-04 | 4.6 MEDIUM | N/A |
| The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs. | |||||
| CVE-2002-0979 | 1 Microsoft | 1 Virtual Machine | 2024-02-04 | 7.5 HIGH | N/A |
| The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code. | |||||
| CVE-2002-0721 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-04 | 10.0 HIGH | N/A |
| Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt. | |||||
| CVE-1999-1217 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 4.6 MEDIUM | N/A |
| The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories. | |||||
| CVE-1999-0572 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-04 | 9.3 HIGH | N/A |
| .reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. | |||||
| CVE-1999-0284 | 2 Ibm, Microsoft | 2 Lotus Domino Mail Server, Exchange Server | 2024-02-04 | 7.5 HIGH | N/A |
| Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command. | |||||
| CVE-2002-1140 | 1 Microsoft | 1 Services | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service." | |||||
| CVE-2000-0085 | 1 Microsoft | 1 Hotmail | 2024-02-04 | 7.5 HIGH | N/A |
| Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag. | |||||
| CVE-2002-0619 | 1 Microsoft | 1 Office | 2024-02-04 | 7.5 HIGH | N/A |
| The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788). | |||||
| CVE-1999-0511 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-04 | 7.5 HIGH | N/A |
| IP forwarding is enabled on a machine which is not a router or firewall. | |||||
| CVE-2002-0500 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size. | |||||