Search
Total
285 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1222 | 1 Microsoft | 1 Windows Nt | 2017-10-10 | 5.0 MEDIUM | N/A |
| Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup. | |||||
| CVE-1999-1294 | 1 Microsoft | 1 Windows Nt | 2017-10-10 | 2.1 LOW | N/A |
| Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission. | |||||
| CVE-1999-0815 | 1 Microsoft | 1 Windows Nt | 2017-10-10 | 5.0 MEDIUM | N/A |
| Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries. | |||||
| CVE-1999-1316 | 1 Microsoft | 1 Windows Nt | 2017-10-10 | 7.5 HIGH | N/A |
| Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess. | |||||
| CVE-1999-1317 | 1 Microsoft | 1 Windows Nt | 2017-10-10 | 4.6 MEDIUM | N/A |
| Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device. | |||||
| CVE-2001-0373 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2017-10-10 | 2.1 LOW | N/A |
| The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information. | |||||
| CVE-2000-0858 | 1 Microsoft | 2 Internet Information Server, Windows Nt | 2017-10-10 | 5.0 MEDIUM | N/A |
| Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability. | |||||
| CVE-1999-1452 | 1 Microsoft | 1 Windows Nt | 2017-10-10 | 2.1 LOW | N/A |
| GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt. | |||||
| CVE-1999-1455 | 1 Microsoft | 1 Windows Nt | 2017-10-10 | 7.5 HIGH | N/A |
| RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host. | |||||
| CVE-1999-0077 | 1 Microsoft | 1 Windows Nt | 2017-10-10 | 5.0 MEDIUM | N/A |
| Predictable TCP sequence numbers allow spoofing. | |||||
| CVE-2008-3860 | 2 Ibm, Microsoft | 4 Aix, I5os, Lotus Quickr and 1 more | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163. | |||||
| CVE-2008-2674 | 4 Fujitsu, Microsoft, Redhat and 1 more | 11 Interstage Application Server Enterprise, Interstage Application Server Plus, Interstage Application Server Plus Developer and 8 more | 2017-08-08 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors. | |||||
| CVE-2008-2821 | 2 Glub, Microsoft | 2 Secure Ftp, Windows Nt | 2017-08-08 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345. | |||||
| CVE-2008-2163 | 2 Ibm, Microsoft | 4 Aix, I5os, Lotus Quickr and 1 more | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors." | |||||
| CVE-2007-1727 | 4 Hp, Linux, Microsoft and 1 more | 7 Hp-ux, Openview Network Node Manager, Linux Kernel and 4 more | 2017-07-29 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors. | |||||
| CVE-2003-1469 | 2 Macromedia, Microsoft | 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | |||||
| CVE-2003-1357 | 2 Microsoft, Replicom | 2 Windows Nt, Proxyview | 2017-07-29 | 10.0 HIGH | N/A |
| ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. | |||||
| CVE-2006-7039 | 2 Atrium Software, Microsoft | 9 Mercur Messaging 2005, Windows 2000, Windows 2003 Server and 6 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field. | |||||
| CVE-2003-1407 | 1 Microsoft | 1 Windows Nt | 2017-07-29 | 7.2 HIGH | N/A |
| Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command. | |||||
| CVE-2005-2150 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2017-07-11 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog. | |||||
| CVE-2005-1935 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue. | |||||
| CVE-1999-0593 | 1 Microsoft | 1 Windows Nt | 2017-07-11 | 4.9 MEDIUM | N/A |
| The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. | |||||
| CVE-1999-1581 | 1 Microsoft | 1 Windows Nt | 2017-07-11 | 5.0 MEDIUM | N/A |
| Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a large number of SNMP packets with Object Identifiers (OIDs) that cannot be decoded. | |||||
| CVE-1999-0226 | 1 Microsoft | 1 Windows Nt | 2017-05-03 | 10.0 HIGH | N/A |
| Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. | |||||
| CVE-2002-2073 | 1 Microsoft | 3 Site Server, Site Server Commerce, Windows Nt | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp. | |||||
| CVE-1999-1361 | 1 Microsoft | 1 Windows Nt | 2016-10-18 | 6.4 MEDIUM | N/A |
| Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages. | |||||
| CVE-1999-1387 | 1 Microsoft | 1 Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that was compiled on the Linux 2.0.29 kernel but executed on Linux 2.0.25. | |||||
| CVE-1999-1132 | 1 Microsoft | 1 Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. | |||||
| CVE-1999-0819 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. | |||||
| CVE-2007-3482 | 2 Apple, Microsoft | 2 Safari, Windows Nt | 2008-11-15 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. | |||||
| CVE-2000-0544 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-10 | 5.0 MEDIUM | N/A |
| Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length. | |||||
| CVE-2000-0197 | 1 Microsoft | 1 Windows Nt | 2008-09-10 | 4.6 MEDIUM | N/A |
| The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file. | |||||
| CVE-2000-0129 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2008-09-10 | 2.1 LOW | N/A |
| Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file. | |||||
| CVE-2000-0155 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2008-09-10 | 7.2 HIGH | N/A |
| Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. | |||||
| CVE-1999-0824 | 1 Microsoft | 1 Windows Nt | 2008-09-09 | 4.6 MEDIUM | N/A |
| A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. | |||||
| CVE-1999-0975 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2008-09-09 | 4.6 MEDIUM | N/A |
| The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed. | |||||
| CVE-1999-0595 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 2.1 LOW | N/A |
| A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. | |||||
| CVE-1999-0612 | 2 Gnu, Microsoft | 4 Finger Service, Fingerd, Windows 2000 and 1 more | 2008-09-09 | 0.0 LOW | N/A |
| A version of finger is running that exposes valid user information to any entity on the network. | |||||
| CVE-1999-0575 | 1 Microsoft | 1 Windows Nt | 2008-09-09 | 7.5 HIGH | N/A |
| A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking. | |||||
| CVE-1999-0585 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 2.1 LOW | N/A |
| A Windows NT administrator account has the default name of Administrator. | |||||
| CVE-1999-0576 | 1 Microsoft | 1 Windows Nt | 2008-09-09 | 7.5 HIGH | N/A |
| A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. | |||||
| CVE-1999-0582 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 5.0 MEDIUM | N/A |
| A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. | |||||
| CVE-1999-0444 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2008-09-09 | 5.0 MEDIUM | N/A |
| Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files. | |||||
| CVE-1999-0535 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 10.0 HIGH | N/A |
| A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. | |||||
| CVE-1999-0519 | 1 Microsoft | 4 Outlook, Windows 2000, Windows 95 and 1 more | 2008-09-09 | 7.5 HIGH | N/A |
| A NETBIOS/SMB share password is the default, null, or missing. | |||||
| CVE-1999-0511 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 7.5 HIGH | N/A |
| IP forwarding is enabled on a machine which is not a router or firewall. | |||||
| CVE-1999-0506 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 7.2 HIGH | N/A |
| A Windows NT domain user or administrator account has a default, null, blank, or missing password. | |||||
| CVE-1999-0505 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 7.2 HIGH | N/A |
| A Windows NT domain user or administrator account has a guessable password. | |||||
| CVE-1999-0504 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 7.5 HIGH | N/A |
| A Windows NT local user or administrator account has a default, null, blank, or missing password. | |||||
| CVE-1999-0503 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 7.2 HIGH | N/A |
| A Windows NT local user or administrator account has a guessable password. | |||||