Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4293 | 2 Microsoft, Opera | 2 Windows, Opera | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications. | |||||
| CVE-2008-4563 | 2 Ibm, Microsoft | 3 Tivoli Storage Manager, Tivoli Storage Manager Express, Windows | 2017-08-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value. | |||||
| CVE-2008-3957 | 1 Microsoft | 1 Windows Image Acquisition Logger | 2017-08-08 | 9.3 HIGH | N/A |
| The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3956 | 1 Microsoft | 1 Organization Chart | 2017-08-08 | 9.3 HIGH | N/A |
| orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file. | |||||
| CVE-2008-3860 | 2 Ibm, Microsoft | 4 Aix, I5os, Lotus Quickr and 1 more | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163. | |||||
| CVE-2008-3648 | 1 Microsoft | 1 Windows Xp | 2017-08-08 | 9.3 HIGH | N/A |
| nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008. | |||||
| CVE-2008-4387 | 3 Microsoft, Sap, Simba Technologies | 3 Internet Explorer, Sapgui, Mdrmsap Activex Control | 2017-08-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer. | |||||
| CVE-2008-3538 | 2 Hp, Microsoft | 2 Enterprise Discovery, Windows | 2017-08-08 | 9.0 HIGH | N/A |
| Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the initial description of this CVE was inadvertently associated with libxml2, but it should be for HP Enterprise Discovery. | |||||
| CVE-2008-3539 | 2 Hp, Microsoft | 12 Hpsi Acf2 Connector, Hpsi Active Directory Connector, Hpsi Bidir Dirx Connector and 9 more | 2017-08-08 | 2.1 LOW | N/A |
| Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02 and earlier, and HPSI BiDir DirX Connector 1.00.003 and earlier, allows local users to obtain sensitive information via unknown vectors. | |||||
| CVE-2008-2821 | 2 Glub, Microsoft | 2 Secure Ftp, Windows Nt | 2017-08-08 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345. | |||||
| CVE-2008-2674 | 4 Fujitsu, Microsoft, Redhat and 1 more | 11 Interstage Application Server Enterprise, Interstage Application Server Plus, Interstage Application Server Plus Developer and 8 more | 2017-08-08 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors. | |||||
| CVE-2008-3079 | 2 Microsoft, Opera | 2 Windows, Opera | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2008-2752 | 1 Microsoft | 1 Word | 2017-08-08 | 7.1 HIGH | N/A |
| Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2163 | 2 Ibm, Microsoft | 4 Aix, I5os, Lotus Quickr and 1 more | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors." | |||||
| CVE-2008-1873 | 2 Microsoft, Tru-zone | 2 Internet Explorer, Nukeet | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2143 | 1 Microsoft | 1 Outlook Web Access | 2017-08-08 | 1.9 LOW | N/A |
| Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information. | |||||
| CVE-2008-2299 | 2 Citrix, Microsoft | 4 Access Essentials, Desktop Server, Presentation Server and 1 more | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions. | |||||
| CVE-2003-1566 | 1 Microsoft | 1 Internet Information Services | 2017-08-08 | 5.0 MEDIUM | N/A |
| Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection. | |||||
| CVE-2008-0709 | 4 Hp, Microsoft, Redhat and 1 more | 6 Hp-ux, Select Identity, Windows 2003 Server and 3 more | 2017-08-08 | 5.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214. | |||||
| CVE-2007-6250 | 2 Aol, Microsoft | 2 Aolmediaplaybackcontrol, Ampx | 2017-08-08 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method. | |||||