Vulnerabilities (CVE)

Filtered by vendor Microsoft
Total 19844 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0422 1 Microsoft 1 Internet Information Services 2024-02-28 2.6 LOW N/A
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) the WRITE or MKCOL method, which leaks the IP in the Location server header.
CVE-2002-0698 1 Microsoft 1 Exchange Server 2024-02-28 7.5 HIGH N/A
Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.
CVE-2001-0004 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-28 5.0 MEDIUM N/A
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
CVE-2003-0300 8 Microsoft, Mozilla, Mutt and 5 more 8 Outlook Express, Mozilla, Mutt and 5 more 2024-02-28 5.0 MEDIUM N/A
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
CVE-2000-0581 1 Microsoft 1 Windows 2000 2024-02-28 5.0 MEDIUM N/A
Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.
CVE-2004-1324 1 Microsoft 1 Windows Media Player 2024-02-28 2.6 LOW N/A
The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.
CVE-2002-2028 1 Microsoft 3 Windows 2000, Windows NT, Windows XP 2024-02-28 2.1 LOW N/A
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
CVE-2002-2062 1 Microsoft 1 Internet Explorer 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL.
CVE-2000-0753 1 Microsoft 1 Outlook 2024-02-28 5.0 MEDIUM N/A
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.
CVE-2004-0122 1 Microsoft 1 MSN Messenger 2024-02-28 5.0 MEDIUM N/A
Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.
CVE-2000-0742 1 Microsoft 2 Windows 95, Windows 98 2024-02-28 5.0 MEDIUM N/A
The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.
CVE-2004-0717 3 Linux, Microsoft, Opera 3 Linux Kernel, Windows, Opera Browser 2024-02-28 7.5 HIGH N/A
Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
CVE-2002-0622 1 Microsoft 1 Commerce Server 2024-02-28 7.5 HIGH N/A
The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
CVE-2000-1209 2 Compaq, Microsoft 4 Insight Manager, Insight Manager XE, Data Engine and 1 more 2024-02-28 10.0 HIGH N/A
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third-party packages that use these products such as (4) Tumbleweed Secure Mail (MMS), (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
CVE-2002-0057 1 Microsoft 4 Internet Explorer, SQL Server, Windows XP and 1 more 2024-02-28 5.0 MEDIUM N/A
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
CVE-2003-0348 1 Microsoft 1 Windows Media Player 2024-02-28 6.4 MEDIUM N/A
A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.
CVE-2000-0071 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-28 5.0 MEDIUM N/A
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
CVE-1999-0233 1 Microsoft 1 Internet Information Services 2024-02-28 10.0 HIGH N/A
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.
CVE-2002-0023 1 Microsoft 1 Internet Explorer 2024-02-28 5.0 MEDIUM N/A
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
CVE-2000-0970 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-28 7.5 HIGH N/A
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.