Filtered by vendor Microsoft
Subscribe
Total
19620 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0581 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 5.0 MEDIUM | N/A |
| Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash. | |||||
| CVE-2004-1324 | 1 Microsoft | 1 Windows Media Player | 2024-02-28 | 2.6 LOW | N/A |
| The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer. | |||||
| CVE-2002-2028 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2024-02-28 | 2.1 LOW | N/A |
| The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing. | |||||
| CVE-2002-2062 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL. | |||||
| CVE-2000-0753 | 1 Microsoft | 1 Outlook | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files. | |||||
| CVE-2004-0122 | 1 Microsoft | 1 Msn Messenger | 2024-02-28 | 5.0 MEDIUM | N/A |
| Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files. | |||||
| CVE-2000-0742 | 1 Microsoft | 2 Windows 95, Windows 98 | 2024-02-28 | 5.0 MEDIUM | N/A |
| The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability. | |||||
| CVE-2004-0717 | 3 Linux, Microsoft, Opera | 3 Linux Kernel, Windows, Opera Browser | 2024-02-28 | 7.5 HIGH | N/A |
| Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
| CVE-2002-0622 | 1 Microsoft | 1 Commerce Server | 2024-02-28 | 7.5 HIGH | N/A |
| The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution". | |||||
| CVE-2000-1209 | 2 Compaq, Microsoft | 4 Insight Manager, Insight Manager Xe, Data Engine and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
| The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida. | |||||
| CVE-2002-0057 | 1 Microsoft | 4 Internet Explorer, Sql Server, Windows Xp and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. | |||||
| CVE-2003-0348 | 1 Microsoft | 1 Windows Media Player | 2024-02-28 | 6.4 MEDIUM | N/A |
| A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script. | |||||
| CVE-2000-0071 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
| IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. | |||||
| CVE-1999-0233 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 10.0 HIGH | N/A |
| IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. | |||||
| CVE-2002-0023 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. | |||||
| CVE-2000-0970 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 7.5 HIGH | N/A |
| IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | |||||
| CVE-2001-1219 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location. | |||||
| CVE-1999-1217 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 4.6 MEDIUM | N/A |
| The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories. | |||||
| CVE-1999-0717 | 1 Microsoft | 5 Excel, Windows 2000, Windows 95 and 2 more | 2024-02-28 | 2.6 LOW | N/A |
| A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. | |||||
| CVE-2002-1137 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644. | |||||