Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 19843 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0812 1 Microsoft 2 Windows 2000, Windows Xp 2024-02-28 7.5 HIGH N/A
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
CVE-2004-0540 1 Microsoft 1 Windows 2000 2024-02-28 10.0 HIGH N/A
Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
CVE-2000-0167 1 Microsoft 1 Internet Information Server 2024-02-28 2.1 LOW N/A
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
CVE-1999-1223 1 Microsoft 1 Internet Information Server 2024-02-28 5.0 MEDIUM N/A
IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.
CVE-1999-0506 1 Microsoft 2 Windows 2000, Windows Nt 2024-02-28 7.2 HIGH N/A
A Windows NT domain user or administrator account has a default, null, blank, or missing password.
CVE-2002-1712 1 Microsoft 2 Windows 2000, Windows Nt 2024-02-28 5.0 MEDIUM N/A
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
CVE-1999-1235 1 Microsoft 1 Internet Explorer 2024-02-28 4.6 MEDIUM N/A
Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link.
CVE-1999-0861 1 Microsoft 4 Commercial Internet System, Internet Information Server, Site Server and 1 more 2024-02-28 2.6 LOW N/A
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
CVE-2001-0243 1 Microsoft 1 Windows Media Player 2024-02-28 5.0 MEDIUM N/A
Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files.
CVE-1999-0715 1 Microsoft 2 Windows 2000, Windows Nt 2024-02-28 4.6 MEDIUM N/A
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.
CVE-2001-1489 1 Microsoft 1 Ie 2024-02-28 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
CVE-2002-0071 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-28 7.5 HIGH N/A
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
CVE-2002-0151 1 Microsoft 3 Windows 2000, Windows Nt, Windows Xp 2024-02-28 7.2 HIGH N/A
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
CVE-2001-0091 1 Microsoft 1 Internet Explorer 2024-02-28 2.6 LOW N/A
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.
CVE-2001-1122 1 Microsoft 1 Windows Nt 2024-02-28 2.1 LOW N/A
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
CVE-1999-0499 1 Microsoft 2 Windows 2000, Windows Nt 2024-02-28 7.5 HIGH N/A
NETBIOS share information may be published through SNMP registry keys in NT.
CVE-2001-0547 1 Microsoft 1 Isa Server 2024-02-28 2.1 LOW N/A
Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
CVE-2002-0648 1 Microsoft 1 Internet Explorer 2024-02-28 5.0 MEDIUM N/A
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
CVE-2002-1293 1 Microsoft 1 Java Virtual Machine 2024-02-28 7.5 HIGH N/A
The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method.
CVE-2002-0597 1 Microsoft 1 Windows 2000 2024-02-28 5.0 MEDIUM N/A
LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.