Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0500 | 1 Microsoft | 3 Index Server, Indexing Service, Internet Information Server | 2018-10-12 | 10.0 HIGH | N/A |
| Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. | |||||
| CVE-2001-0501 | 1 Microsoft | 1 Word | 2018-10-12 | 4.6 MEDIUM | N/A |
| Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner. | |||||
| CVE-2001-0502 | 1 Microsoft | 1 Windows 2000 | 2018-10-12 | 4.6 MEDIUM | N/A |
| Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users. | |||||
| CVE-2001-0503 | 1 Microsoft | 1 Netmeeting | 2018-10-12 | 5.0 MEDIUM | N/A |
| Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability. | |||||
| CVE-2001-0504 | 1 Microsoft | 1 Windows 2000 | 2018-10-12 | 7.5 HIGH | N/A |
| Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying. | |||||
| CVE-2001-0505 | 1 Microsoft | 1 Services | 2018-10-12 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service. | |||||
| CVE-2001-0538 | 1 Microsoft | 1 Outlook | 2018-10-12 | 10.0 HIGH | N/A |
| Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page. | |||||
| CVE-2001-0540 | 1 Microsoft | 1 Terminal Server | 2018-10-12 | 5.0 MEDIUM | N/A |
| Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389. | |||||
| CVE-2001-0541 | 1 Microsoft | 1 Windows Media Player | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file. | |||||
| CVE-2001-0542 | 1 Microsoft | 1 Sql Server | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879. | |||||
| CVE-2001-0545 | 1 Microsoft | 1 Internet Information Server | 2018-10-12 | 5.0 MEDIUM | N/A |
| IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. | |||||
| CVE-2001-0546 | 1 Microsoft | 1 Isa Server | 2018-10-12 | 5.0 MEDIUM | N/A |
| Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data. | |||||
| CVE-2001-0547 | 1 Microsoft | 1 Isa Server | 2018-10-12 | 2.1 LOW | N/A |
| Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion). | |||||
| CVE-2001-0658 | 1 Microsoft | 1 Isa Server | 2018-10-12 | 7.5 HIGH | N/A |
| Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message. | |||||
| CVE-2001-0659 | 1 Microsoft | 1 Windows 2000 | 2018-10-12 | 5.0 MEDIUM | N/A |
| Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet. | |||||
| CVE-2001-0660 | 1 Microsoft | 1 Exchange Server | 2018-10-12 | 5.0 MEDIUM | N/A |
| Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL). | |||||
| CVE-2001-0662 | 1 Microsoft | 1 Windows Nt | 2018-10-12 | 5.0 MEDIUM | N/A |
| RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request. | |||||
| CVE-2001-0663 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2018-10-12 | 5.0 MEDIUM | N/A |
| Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets. | |||||
| CVE-2001-0665 | 1 Microsoft | 1 Ie | 2018-10-12 | 7.5 HIGH | N/A |
| Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability." | |||||
| CVE-2001-0667 | 1 Microsoft | 1 Ie | 2018-10-12 | 7.5 HIGH | N/A |
| Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150. | |||||
| CVE-2001-0718 | 1 Microsoft | 2 Excel, Powerpoint | 2018-10-12 | 7.5 HIGH | N/A |
| Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document. | |||||
| CVE-2001-0719 | 1 Microsoft | 1 Windows Media Player | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file. | |||||
| CVE-2001-0720 | 1 Apple | 1 Mac Os X | 2018-10-12 | 7.5 HIGH | N/A |
| Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled. | |||||
| CVE-2001-0721 | 1 Microsoft | 4 Windows 98, Windows 98se, Windows Me and 1 more | 2018-10-12 | 5.0 MEDIUM | N/A |
| Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request. | |||||
| CVE-2001-0876 | 1 Microsoft | 4 Windows 98, Windows 98se, Windows Me and 1 more | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL. | |||||
| CVE-2001-0877 | 1 Microsoft | 4 Windows 98, Windows 98se, Windows Me and 1 more | 2018-10-12 | 5.0 MEDIUM | N/A |
| Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system. | |||||
| CVE-2002-0012 | 1 Snmp | 1 Snmp | 2018-10-12 | 10.0 HIGH | N/A |
| Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | |||||
| CVE-2002-0013 | 1 Snmp | 1 Snmp | 2018-10-12 | 10.0 HIGH | N/A |
| Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | |||||
| CVE-2002-0018 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2018-10-12 | 10.0 HIGH | N/A |
| In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain. | |||||
| CVE-2002-0020 | 1 Microsoft | 2 Interix, Windows 2000 | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options. | |||||
| CVE-2002-0021 | 1 Microsoft | 1 Office | 2018-10-12 | 5.0 MEDIUM | N/A |
| Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement. | |||||
| CVE-2002-0050 | 1 Microsoft | 1 Commerce Server | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data. | |||||
| CVE-2002-0053 | 1 Microsoft | 6 Windows 2000, Windows 95, Windows 98 and 3 more | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available. | |||||
| CVE-2002-0056 | 1 Microsoft | 1 Sql Server | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection. | |||||
| CVE-2002-0058 | 2 Microsoft, Sun | 4 Virtual Machine, Jdk, Jre and 1 more | 2018-10-12 | 5.0 MEDIUM | N/A |
| Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK. | |||||
| CVE-1999-0004 | 3 Hp, Sco, University Of Washington | 3 Dtmail, Unixware, Pine | 2018-10-12 | 5.0 MEDIUM | N/A |
| MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook. | |||||
| CVE-1999-0278 | 1 Microsoft | 2 Internet Information Server, Windows Nt | 2018-10-12 | 5.0 MEDIUM | N/A |
| In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. | |||||
| CVE-1999-0344 | 1 Microsoft | 1 Windows Nt | 2018-10-12 | 7.2 HIGH | N/A |
| NT users can gain debug-level access on a system process using the Sechole exploit. | |||||
| CVE-1999-0349 | 1 Microsoft | 1 Internet Information Server | 2018-10-12 | 7.5 HIGH | N/A |
| A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. | |||||
| CVE-1999-0366 | 1 Microsoft | 1 Windows Nt | 2018-10-12 | 7.5 HIGH | N/A |
| In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. | |||||
| CVE-1999-0372 | 1 Microsoft | 3 Backoffice, Windows 2000, Windows Nt | 2018-10-12 | 2.1 LOW | N/A |
| The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. | |||||
| CVE-1999-0376 | 1 Microsoft | 1 Windows Nt | 2018-10-12 | 4.6 MEDIUM | N/A |
| Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. | |||||
| CVE-1999-0379 | 1 Microsoft | 1 Backoffice Resource Kit | 2018-10-12 | 7.5 HIGH | N/A |
| Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting. | |||||
| CVE-1999-0382 | 1 Microsoft | 1 Windows Nt | 2018-10-12 | 7.2 HIGH | N/A |
| The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges. | |||||
| CVE-1999-0384 | 1 Microsoft | 6 Office, Outlook, Project and 3 more | 2018-10-12 | 4.6 MEDIUM | N/A |
| The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. | |||||
| CVE-1999-0386 | 1 Microsoft | 2 Frontpage, Personal Web Server | 2018-10-12 | 5.0 MEDIUM | N/A |
| Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL. | |||||
| CVE-1999-0387 | 1 Microsoft | 2 Windows 95, Windows 98 | 2018-10-12 | 7.8 HIGH | N/A |
| A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. | |||||
| CVE-1999-0489 | 1 Microsoft | 1 Windows Nt | 2018-10-12 | 10.0 HIGH | N/A |
| MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. | |||||
| CVE-1999-0680 | 1 Microsoft | 1 Terminal Server | 2018-10-12 | 5.0 MEDIUM | N/A |
| Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. | |||||
| CVE-1999-0700 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2018-10-12 | 6.2 MEDIUM | N/A |
| Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. | |||||