Filtered by vendor Microsoft
Subscribe
Total
21491 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0999 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 4.3 MEDIUM | N/A |
Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. | |||||
CVE-2001-1122 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode. | |||||
CVE-2002-2062 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL. | |||||
CVE-2005-4360 | 1 Microsoft | 2 Internet Information Services, Windows Xp | 2025-04-03 | 7.8 HIGH | N/A |
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot). | |||||
CVE-2001-0151 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. | |||||
CVE-2005-1213 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field. | |||||
CVE-2005-0904 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe. | |||||
CVE-2004-0502 | 1 Microsoft | 1 Outlook | 2025-04-03 | 5.0 MEDIUM | N/A |
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI. | |||||
CVE-2000-1090 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character. | |||||
CVE-2001-0083 | 1 Microsoft | 1 Windows Media Services | 2025-04-03 | 5.0 MEDIUM | N/A |
Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability. | |||||
CVE-2006-2094 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. | |||||
CVE-2005-1979 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality. | |||||
CVE-2001-0096 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. | |||||
CVE-2005-0049 | 1 Microsoft | 2 Sharepoint Portal Server, Sharepoint Team Services | 2025-04-03 | 4.3 MEDIUM | N/A |
Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache. | |||||
CVE-2002-0618 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 7.5 HIGH | N/A |
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution". | |||||
CVE-2002-1181 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. | |||||
CVE-2002-0391 | 4 Freebsd, Microsoft, Openbsd and 1 more | 7 Freebsd, Windows 2000, Windows Nt and 4 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | |||||
CVE-2003-1041 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. | |||||
CVE-2003-0910 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.2 HIGH | N/A |
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory. | |||||
CVE-1999-1364 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext. |