Filtered by vendor Microsoft
Subscribe
Total
19777 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0238 | 1 Microsoft | 6 Windows 2000, Windows 95, Windows 98 and 3 more | 2024-02-28 | 7.5 HIGH | N/A |
Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests. | |||||
CVE-2001-0151 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. | |||||
CVE-2003-0112 | 1 Microsoft | 4 Windows 2000, Windows 2000 Terminal Services, Windows Nt and 1 more | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. | |||||
CVE-2002-0720 | 1 Microsoft | 2 Windows 2000, Windows 2000 Terminal Services | 2024-02-28 | 7.2 HIGH | N/A |
A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code. | |||||
CVE-2002-0726 | 1 Microsoft | 1 Tsac Activex Control | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field. | |||||
CVE-2002-1717 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. | |||||
CVE-1999-0511 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-28 | 7.5 HIGH | N/A |
IP forwarding is enabled on a machine which is not a router or firewall. | |||||
CVE-2001-0721 | 1 Microsoft | 4 Windows 98, Windows 98se, Windows Me and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request. | |||||
CVE-2002-0721 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 10.0 HIGH | N/A |
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt. | |||||
CVE-2002-0723 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag." | |||||
CVE-2004-2090 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. | |||||
CVE-2003-0661 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information. | |||||
CVE-2002-0186 | 1 Microsoft | 1 Sql Server | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension." | |||||
CVE-2002-1984 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046". | |||||
CVE-2002-0027 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874. | |||||
CVE-1999-1294 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 2.1 LOW | N/A |
Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission. | |||||
CVE-2003-1107 | 1 Microsoft | 1 Windows Media Player | 2024-02-28 | 5.1 MEDIUM | N/A |
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions. | |||||
CVE-2003-0824 | 1 Microsoft | 4 Frontpage Server Extensions, Sharepoint Team Services, Windows 2000 and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request. | |||||
CVE-2003-1041 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. | |||||
CVE-2004-0212 | 2 Avaya, Microsoft | 8 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 5 more | 2024-02-28 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share. |