Filtered by vendor Microsoft
Subscribe
Search
Total
16927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0709 | 1 Microsoft | 1 Frontpage | 2008-09-05 | 5.0 MEDIUM | N/A |
| The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name. | |||||
| CVE-2000-0756 | 1 Microsoft | 1 Outlook | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service. | |||||
| CVE-2000-0711 | 2 Microsoft, Netscape | 2 Virtual Machine, Communicator | 2008-09-05 | 7.5 HIGH | N/A |
| Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. | |||||
| CVE-2000-0082 | 1 Microsoft | 1 Webtv | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML. | |||||
| CVE-2000-0081 | 1 Microsoft | 1 Hotmail | 2008-09-05 | 10.0 HIGH | N/A |
| Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript. | |||||
| CVE-2000-0415 | 1 Microsoft | 2 Outlook, Outlook Express | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name. | |||||
| CVE-1999-1358 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-05 | 4.6 MEDIUM | N/A |
| When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only. | |||||
| CVE-1999-1591 | 1 Microsoft | 2 Internet Information Server, Visual Interdev | 2008-09-05 | 7.5 HIGH | N/A |
| Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. | |||||
| CVE-1999-1364 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 2.1 LOW | N/A |
| Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext. | |||||
| CVE-1999-1363 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 2.1 LOW | N/A |
| Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool. | |||||
| CVE-1999-1362 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 2.1 LOW | N/A |
| Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters. | |||||
| CVE-1999-1360 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 2.1 LOW | N/A |
| Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle. | |||||
| CVE-1999-1359 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 7.5 HIGH | N/A |
| When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies. | |||||
| CVE-1999-1105 | 1 Microsoft | 1 Windows 95 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive. | |||||
| CVE-1999-0560 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| A system-critical Windows NT file or directory has inappropriate permissions. | |||||
| CVE-1999-0578 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 4.6 MEDIUM | N/A |
| A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. | |||||
| CVE-1999-0579 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. | |||||
| CVE-1999-0581 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. | |||||
| CVE-1999-0570 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. | |||||
| CVE-1999-0577 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. | |||||
| CVE-1999-0285 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. | |||||
| CVE-1999-0119 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| Windows NT 4.0 beta allows users to read and delete shares. | |||||
| CVE-1999-0140 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 5.0 MEDIUM | N/A |
| Denial of service in RAS/PPTP on NT systems. | |||||
| CVE-2007-4040 | 1 Microsoft | 2 Outlook, Outlook Express | 2008-09-05 | 4.3 MEDIUM | N/A |
| Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. | |||||
| CVE-2008-3893 | 1 Microsoft | 1 Windows Vista | 2008-09-05 | 1.9 LOW | N/A |
| Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2008-1299 | 2 Manageengine, Microsoft | 2 Servicedesk Plus, Windows | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-1999-0549 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 7.2 HIGH | N/A |
| Windows NT automatically logs in an administrator upon rebooting. | |||||