Filtered by vendor Microsoft
Subscribe
Total
19159 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0545 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A |
IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. | |||||
CVE-2002-0723 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag." | |||||
CVE-2001-0663 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2023-12-10 | 5.0 MEDIUM | N/A |
Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets. | |||||
CVE-2001-0240 | 1 Microsoft | 1 Word | 2023-12-10 | 4.6 MEDIUM | N/A |
Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro. | |||||
CVE-2000-0415 | 1 Microsoft | 2 Outlook, Outlook Express | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name. | |||||
CVE-1999-0777 | 1 Microsoft | 2 Commercial Internet System, Internet Information Server | 2023-12-10 | 7.5 HIGH | N/A |
IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. | |||||
CVE-2000-0122 | 1 Microsoft | 1 Frontpage | 2023-12-10 | 5.0 MEDIUM | N/A |
Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program. | |||||
CVE-2003-0231 | 1 Microsoft | 2 Data Engine, Sql Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. | |||||
CVE-1999-0077 | 1 Microsoft | 1 Windows Nt | 2023-12-10 | 5.0 MEDIUM | N/A |
Predictable TCP sequence numbers allow spoofing. | |||||
CVE-2003-0768 | 1 Microsoft | 1 Asp.net | 2023-12-10 | 6.8 MEDIUM | N/A |
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name. | |||||
CVE-2001-0879 | 1 Microsoft | 4 Sql Server, Windows 2000, Windows Nt and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. | |||||
CVE-1999-0226 | 1 Microsoft | 1 Windows Nt | 2023-12-10 | 10.0 HIGH | N/A |
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. | |||||
CVE-1999-0572 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2023-12-10 | 9.3 HIGH | N/A |
.reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. | |||||
CVE-2000-1139 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 7.5 HIGH | N/A |
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. | |||||
CVE-2001-0951 | 1 Microsoft | 1 Windows 2000 | 2023-12-10 | 5.0 MEDIUM | N/A |
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters. | |||||
CVE-2002-1692 | 1 Microsoft | 1 Windows 95 | 2023-12-10 | 3.6 LOW | N/A |
Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up. | |||||
CVE-2004-0610 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2023-12-10 | 5.0 MEDIUM | N/A |
The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections. | |||||
CVE-2002-1150 | 1 Microsoft | 1 Netmeeting | 2023-12-10 | 4.6 MEDIUM | N/A |
The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document. | |||||
CVE-1999-1591 | 1 Microsoft | 2 Internet Information Server, Visual Interdev | 2023-12-10 | 7.5 HIGH | N/A |
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. | |||||
CVE-2003-0513 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. |