Filtered by vendor Microsoft
Subscribe
Total
19321 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0620 | 1 Microsoft | 1 Commerce Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API. | |||||
| CVE-2001-0046 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-04 | 4.6 MEDIUM | N/A |
| The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities. | |||||
| CVE-2001-0662 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
| RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request. | |||||
| CVE-2000-0081 | 1 Microsoft | 1 Hotmail | 2024-02-04 | 10.0 HIGH | N/A |
| Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript. | |||||
| CVE-1999-0967 | 1 Microsoft | 3 Internet Explorer, Outlook Express, Windows Explorer | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol. | |||||
| CVE-1999-0981 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.1 MEDIUM | N/A |
| Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect." | |||||
| CVE-2003-0663 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message. | |||||
| CVE-1999-0294 | 1 Microsoft | 1 Wins | 2024-02-04 | 5.0 MEDIUM | N/A |
| All records in a WINS database can be deleted through SNMP for a denial of service. | |||||
| CVE-1999-0721 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-04 | 7.8 HIGH | N/A |
| Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request. | |||||
| CVE-2003-1454 | 4 Invision Power Services, Linux, Microsoft and 1 more | 4 Invision Board, Linux Kernel, All Windows and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. | |||||
| CVE-1999-0993 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 7.5 HIGH | N/A |
| Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. | |||||
| CVE-2002-0718 | 1 Microsoft | 1 Content Management Server | 2024-02-04 | 7.5 HIGH | N/A |
| Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function." | |||||
| CVE-2000-0330 | 1 Microsoft | 2 Windows 95, Windows 98 | 2024-02-04 | 7.6 HIGH | N/A |
| The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability. | |||||
| CVE-2000-0199 | 1 Microsoft | 1 Sql Server | 2024-02-04 | 7.2 HIGH | N/A |
| When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. | |||||
| CVE-2003-0353 | 1 Microsoft | 1 Data Access Components | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. | |||||
| CVE-2000-0851 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 4.6 MEDIUM | N/A |
| Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability. | |||||
| CVE-2002-0026 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
| Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. | |||||
| CVE-2004-1527 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. | |||||
| CVE-1999-0910 | 1 Microsoft | 3 Commercial Internet System, Site Server, Site Server Commerce | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. | |||||
| CVE-2001-1122 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 2.1 LOW | N/A |
| Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode. | |||||