Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1397 | 1 Microsoft | 1 Index Server | 2016-10-18 | 7.5 HIGH | N/A |
| Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed. | |||||
| CVE-1999-1431 | 1 Microsoft | 1 Zero Administration Kit | 2016-10-18 | 4.6 MEDIUM | N/A |
| ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory, and changing the name to that for an allowed application, such as Winword.exe. | |||||
| CVE-1999-1375 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. | |||||
| CVE-1999-1376 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. | |||||
| CVE-1999-1361 | 1 Microsoft | 1 Windows Nt | 2016-10-18 | 6.4 MEDIUM | N/A |
| Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages. | |||||
| CVE-1999-1387 | 1 Microsoft | 1 Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that was compiled on the Linux 2.0.29 kernel but executed on Linux 2.0.25. | |||||
| CVE-1999-1132 | 1 Microsoft | 1 Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. | |||||
| CVE-1999-1164 | 1 Microsoft | 2 Outlook, Outlook Express | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang. | |||||
| CVE-1999-1104 | 1 Microsoft | 1 Windows 95 | 2016-10-18 | 4.6 MEDIUM | N/A |
| Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords. | |||||
| CVE-1999-1052 | 1 Microsoft | 1 Frontpage | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users. | |||||
| CVE-1999-1033 | 1 Microsoft | 1 Outlook Express | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang. | |||||
| CVE-1999-0819 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. | |||||
| CVE-1999-0407 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 10.0 HIGH | N/A |
| By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | |||||
| CVE-1999-0360 | 1 Microsoft | 1 Site Server | 2016-10-18 | 7.2 HIGH | N/A |
| MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. | |||||
| CVE-1999-0364 | 2 Fms Inc., Microsoft | 2 Total Vb Sourcebook, Access | 2016-10-18 | 10.0 HIGH | N/A |
| Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. | |||||
| CVE-2014-3802 | 1 Microsoft | 2 Debug Interface Access Software Development Kit, Visual Studio | 2016-09-09 | 6.8 MEDIUM | N/A |
| msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file. | |||||
| CVE-2014-2779 | 1 Microsoft | 1 Malware Protection Engine | 2016-09-02 | 4.3 MEDIUM | N/A |
| mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file. | |||||
| CVE-2016-4158 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2016-06-20 | 6.9 MEDIUM | 7.3 HIGH |
| Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. | |||||
| CVE-2016-0955 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2016-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. | |||||
| CVE-2016-0957 | 4 Adobe, Apple, Linux and 1 more | 5 Dispatcher, Experience Manager, Mac Os X and 2 more | 2016-02-25 | 7.8 HIGH | 7.5 HIGH |
| Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. | |||||