Filtered by vendor Microsoft
Subscriptions
Total
19218 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0736 | 1 Microsoft | 1 Backoffice | 2008-09-05 | N/A |
| Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank. | ||||
| CVE-2002-0481 | 1 Microsoft | 1 Outlook | 2008-09-05 | N/A |
| An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function. | ||||
| CVE-2002-0472 | 1 Microsoft | 1 Msn Messenger | 2008-09-05 | N/A |
| MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users. | ||||
| CVE-2002-0444 | 1 Microsoft | 1 Windows 2000 Terminal Services | 2008-09-05 | N/A |
| Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies. | ||||
| CVE-2002-0421 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | N/A |
| IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr. | ||||
| CVE-2001-1200 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | N/A |
| Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys. | ||||
| CVE-2001-0324 | 1 Microsoft | 2 Windows 2000, Windows 98 | 2008-09-05 | N/A |
| Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash. | ||||
| CVE-2001-0281 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | N/A |
| Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges. | ||||
| CVE-2000-1105 | 1 Microsoft | 1 Indexing Service | 2008-09-05 | N/A |
| The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled. | ||||
| CVE-2000-0709 | 1 Microsoft | 1 Frontpage | 2008-09-05 | N/A |
| The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name. | ||||
| CVE-2000-0415 | 1 Microsoft | 2 Outlook, Outlook Express | 2008-09-05 | N/A |
| Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name. | ||||
| CVE-1999-1364 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | N/A |
| Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext. | ||||
| CVE-1999-1363 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | N/A |
| Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool. | ||||
| CVE-1999-1362 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | N/A |
| Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters. | ||||
| CVE-1999-1360 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | N/A |
| Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle. | ||||
| CVE-1999-1359 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | N/A |
| When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies. | ||||
| CVE-1999-1358 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-05 | N/A |
| When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only. | ||||
| CVE-1999-1105 | 1 Microsoft | 1 Windows 95 | 2008-09-05 | N/A |
| Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive. | ||||