Filtered by vendor Microsoft
Subscribe
Total
19962 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1908 | 1 Microsoft | 1 Internet Information Services | 2024-11-20 | 5.0 MEDIUM | N/A |
| Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters. | |||||
| CVE-2002-1876 | 1 Microsoft | 1 Exchange Server | 2024-11-20 | 2.1 LOW | N/A |
| Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS. | |||||
| CVE-2002-1873 | 1 Microsoft | 1 Exchange Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls. | |||||
| CVE-2002-1872 | 1 Microsoft | 1 Sql Server | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | |||||
| CVE-2002-1847 | 1 Microsoft | 1 Windows Media Player | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability. | |||||
| CVE-2002-1844 | 2 Microsoft, Oracle | 2 Windows Media Player, Solaris | 2024-11-20 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | |||||
| CVE-2002-1831 | 1 Microsoft | 1 Msn Messenger | 2024-11-20 | 5.0 MEDIUM | N/A |
| Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field. | |||||
| CVE-2002-1824 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-20 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability. | |||||
| CVE-2002-1795 | 1 Microsoft | 1 Tsac Activex Control | 2024-11-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2002-1790 | 1 Microsoft | 3 Exchange Server, Internet Information Server, Internet Information Services | 2024-11-20 | 5.0 MEDIUM | N/A |
| The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. | |||||
| CVE-2002-1769 | 1 Microsoft | 2 Site Server, Site Server Commerce | 2024-11-20 | 7.5 HIGH | N/A |
| Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege. | |||||
| CVE-2002-1762 | 1 Microsoft | 1 Baseline Security Analyzer | 2024-11-20 | 5.0 MEDIUM | N/A |
| Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java. | |||||
| CVE-2002-1749 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 7.2 HIGH | N/A |
| Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges. | |||||
| CVE-2002-1745 | 1 Microsoft | 1 Internet Information Services | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files. | |||||
| CVE-2002-1744 | 1 Microsoft | 1 Internet Information Services | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot). | |||||
| CVE-2002-1718 | 1 Microsoft | 1 Internet Information Services | 2024-11-20 | 5.0 MEDIUM | N/A |
| Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences. | |||||
| CVE-2002-1717 | 1 Microsoft | 1 Internet Information Services | 2024-11-20 | 5.0 MEDIUM | N/A |
| Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. | |||||
| CVE-2002-1716 | 1 Microsoft | 1 Office | 2024-11-20 | 5.0 MEDIUM | N/A |
| The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability. | |||||
| CVE-2002-1714 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-20 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion. | |||||
| CVE-2002-1712 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-11-20 | 5.0 MEDIUM | N/A |
| Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3. | |||||