Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 19962 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2000-0025 1 Microsoft 3 Internet Information Server, Site Server, Site Server Commerce 2024-11-20 5.0 MEDIUM N/A
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
CVE-2000-0024 1 Microsoft 3 Internet Information Server, Site Server, Site Server Commerce 2024-11-20 6.4 MEDIUM N/A
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
CVE-1999-1593 1 Microsoft 3 Windows 2000, Windows 95, Windows 98 2024-11-20 7.6 HIGH N/A
Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.
CVE-1999-1591 1 Microsoft 2 Internet Information Server, Visual Interdev 2024-11-20 7.5 HIGH N/A
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.
CVE-1999-1581 1 Microsoft 1 Windows Nt 2024-11-20 5.0 MEDIUM N/A
Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a large number of SNMP packets with Object Identifiers (OIDs) that cannot be decoded.
CVE-1999-1579 1 Microsoft 1 Windows Nt 2024-11-20 5.0 MEDIUM N/A
The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine.
CVE-1999-1578 1 Microsoft 1 Internet Explorer 2024-11-20 5.1 MEDIUM N/A
Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.
CVE-1999-1577 1 Microsoft 1 Internet Explorer 2024-11-20 5.1 MEDIUM N/A
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.
CVE-1999-1575 1 Microsoft 1 Internet Explorer 2024-11-20 5.1 MEDIUM N/A
The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.
CVE-1999-1556 1 Microsoft 1 Sql Server 2024-11-20 7.2 HIGH N/A
Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.
CVE-1999-1544 1 Microsoft 1 Internet Information Server 2024-11-20 5.0 MEDIUM N/A
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.
CVE-1999-1538 1 Microsoft 1 Internet Information Server 2024-11-20 2.1 LOW N/A
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
CVE-1999-1537 1 Microsoft 1 Internet Information Server 2024-11-20 5.0 MEDIUM N/A
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.
CVE-1999-1520 1 Microsoft 1 Site Server 2024-11-20 5.0 MEDIUM N/A
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.
CVE-1999-1484 1 Microsoft 1 Msn Setup Bulletin Board Services 2024-11-20 7.5 HIGH N/A
Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured.
CVE-1999-1478 1 Microsoft 1 Internet Information Server 2024-11-20 5.0 MEDIUM N/A
The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
CVE-1999-1474 1 Microsoft 1 Powerpoint 2024-11-20 7.5 HIGH N/A
PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer.
CVE-1999-1473 1 Microsoft 1 Internet Explorer 2024-11-20 5.0 MEDIUM N/A
When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."
CVE-1999-1472 1 Microsoft 1 Internet Explorer 2024-11-20 5.0 MEDIUM N/A
Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.
CVE-1999-1463 1 Microsoft 1 Windows Nt 2024-11-20 5.0 MEDIUM N/A
Windows NT 4.0 before SP3 allows remote attackers to bypass firewall restrictions or cause a denial of service (crash) by sending improperly fragmented IP packets without the first fragment, which the TCP/IP stack incorrectly reassembles into a valid session.