Filtered by vendor Microsoft
Subscriptions
Total
20731 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-1246 | 1 Microsoft | 1 Site Server | 2024-11-20 | N/A |
| Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges. | ||||
| CVE-1999-1241 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | N/A |
| Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object. | ||||
| CVE-1999-1235 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | N/A |
| Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link. | ||||
| CVE-1999-1234 | 1 Microsoft | 1 Windows Nt | 2024-11-20 | N/A |
| LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo. | ||||
| CVE-1999-1233 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | N/A |
| IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. | ||||
| CVE-1999-1223 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | N/A |
| IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. | ||||
| CVE-1999-1222 | 1 Microsoft | 1 Windows Nt | 2024-11-20 | N/A |
| Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup. | ||||
| CVE-1999-1217 | 1 Microsoft | 1 Windows Nt | 2024-11-20 | N/A |
| The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories. | ||||
| CVE-1999-1201 | 1 Microsoft | 2 Windows 95, Windows 98 | 2024-11-20 | N/A |
| Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing. | ||||
| CVE-1999-1164 | 1 Microsoft | 2 Outlook, Outlook Express | 2024-11-20 | N/A |
| Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang. | ||||
| CVE-1999-1157 | 1 Microsoft | 1 Windows Nt | 2024-11-20 | N/A |
| Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface. | ||||
| CVE-1999-1148 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | N/A |
| FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. | ||||
| CVE-1999-1132 | 1 Microsoft | 1 Windows Nt | 2024-11-20 | N/A |
| Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. | ||||
| CVE-1999-1128 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | N/A |
| Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user. | ||||
| CVE-1999-1127 | 1 Microsoft | 1 Windows Nt | 2024-11-20 | 7.5 High |
| Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability. | ||||
| CVE-1999-1110 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | N/A |
| Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client. | ||||
| CVE-1999-1105 | 1 Microsoft | 1 Windows 95 | 2024-11-20 | N/A |
| Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive. | ||||
| CVE-1999-1104 | 1 Microsoft | 1 Windows 95 | 2024-11-20 | N/A |
| Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords. | ||||
| CVE-1999-1097 | 1 Microsoft | 1 Netmeeting | 2024-11-20 | N/A |
| Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty. | ||||
| CVE-1999-1094 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | N/A |
| Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." | ||||