Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 21491 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-0999 1 Microsoft 1 Sql Server 2025-04-03 4.3 MEDIUM N/A
Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.
CVE-2001-1122 1 Microsoft 1 Windows Nt 2025-04-03 2.1 LOW N/A
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
CVE-2002-2062 1 Microsoft 1 Internet Explorer 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL.
CVE-2005-4360 1 Microsoft 2 Internet Information Services, Windows Xp 2025-04-03 7.8 HIGH N/A
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
CVE-2001-0151 1 Microsoft 1 Internet Information Services 2025-04-03 5.0 MEDIUM N/A
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
CVE-2005-1213 1 Microsoft 1 Outlook Express 2025-04-03 7.5 HIGH N/A
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
CVE-2005-0904 1 Microsoft 1 Windows Xp 2025-04-03 2.1 LOW N/A
Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.
CVE-2004-0502 1 Microsoft 1 Outlook 2025-04-03 5.0 MEDIUM N/A
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.
CVE-2000-1090 1 Microsoft 1 Internet Information Server 2025-04-03 5.0 MEDIUM N/A
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.
CVE-2001-0083 1 Microsoft 1 Windows Media Services 2025-04-03 5.0 MEDIUM N/A
Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability.
CVE-2006-2094 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 5.1 MEDIUM N/A
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
CVE-2005-1979 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-03 5.0 MEDIUM N/A
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.
CVE-2001-0096 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 5.0 MEDIUM N/A
FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.
CVE-2005-0049 1 Microsoft 2 Sharepoint Portal Server, Sharepoint Team Services 2025-04-03 4.3 MEDIUM N/A
Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache.
CVE-2002-0618 1 Microsoft 2 Excel, Office 2025-04-03 7.5 HIGH N/A
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
CVE-2002-1181 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
CVE-2002-0391 4 Freebsd, Microsoft, Openbsd and 1 more 7 Freebsd, Windows 2000, Windows Nt and 4 more 2025-04-03 10.0 HIGH 9.8 CRITICAL
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
CVE-2003-1041 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 7.5 HIGH N/A
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
CVE-2003-0910 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 7.2 HIGH N/A
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.
CVE-1999-1364 1 Microsoft 1 Windows Nt 2025-04-03 2.1 LOW N/A
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.