Filtered by vendor Microsoft
Total: 19770 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0057 | 1 Microsoft | 4 Internet Explorer, Sql Server, Windows Xp and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. | |||||
CVE-2003-0348 | 1 Microsoft | 1 Windows Media Player | 2024-02-28 | 6.4 MEDIUM | N/A |
A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script. | |||||
CVE-2000-0071 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. | |||||
CVE-1999-0233 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 10.0 HIGH | N/A |
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. | |||||
CVE-2002-0023 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. | |||||
CVE-2000-0970 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 7.5 HIGH | N/A |
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | |||||
CVE-2001-1219 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location. | |||||
CVE-1999-1217 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 4.6 MEDIUM | N/A |
The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories. | |||||
CVE-1999-0717 | 1 Microsoft | 5 Excel, Windows 2000, Windows 95 and 2 more | 2024-02-28 | 2.6 LOW | N/A |
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. | |||||
CVE-2002-1137 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644. | |||||
CVE-2000-0202 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 7.5 HIGH | N/A |
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. | |||||
CVE-2002-1145 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 10.0 HIGH | N/A |
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. | |||||
CVE-2000-1084 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 4.6 MEDIUM | N/A |
The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
CVE-2000-1085 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 4.6 MEDIUM | N/A |
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
CVE-2003-0113 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields. | |||||
CVE-1999-0876 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in Internet Explorer 4.0 via EMBED tag. | |||||
CVE-2001-0281 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 7.2 HIGH | N/A |
Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges. | |||||
CVE-2002-1287 | 1 Microsoft | 1 Java Virtual Machine | 2024-02-28 | 5.0 MEDIUM | N/A |
Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass. | |||||
CVE-1999-0917 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.1 MEDIUM | N/A |
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files. | |||||
CVE-2001-0504 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 7.5 HIGH | N/A |
Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying. |