VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2002-0736Aug 12, 2002
    risk 0.03cvss epss 0.32

    Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.

  • CVE-2002-0074Apr 22, 2002
    risk 0.03cvss epss 0.34

    Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.

  • CVE-2002-0071Apr 22, 2002
    risk 0.03cvss epss 0.34

    Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.

  • CVE-2002-0075Apr 22, 2002
    risk 0.03cvss epss 0.34

    Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.

  • CVE-2002-0022Mar 8, 2002
    risk 0.03cvss epss 0.40

    Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.

  • CVE-2002-0053Mar 8, 2002
    risk 0.03cvss epss 0.38

    Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other…

  • CVE-2002-0055Mar 8, 2002
    risk 0.03cvss epss 0.38

    SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.

  • CVE-2001-1518Dec 31, 2001
    risk 0.03cvss epss 0.06

    RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this…

  • CVE-2001-1560Dec 31, 2001
    risk 0.03cvss epss 0.05

    Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.

  • CVE-2001-1519Dec 31, 2001
    risk 0.03cvss epss 0.06

    RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are…

  • CVE-2001-0505Oct 30, 2001
    risk 0.03cvss epss 0.33

    Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.

  • CVE-2001-0709Sep 20, 2001
    risk 0.03cvss epss 0.36

    Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.

  • CVE-2001-1122Aug 3, 2001
    risk 0.03cvss epss 0.04

    Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.

  • CVE-2001-0146Jun 2, 2001
    risk 0.03cvss epss 0.37

    IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.

  • CVE-2001-1347May 24, 2001
    risk 0.03cvss epss 0.05

    Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as…

  • CVE-2000-1085Jan 9, 2001
    risk 0.03cvss epss 0.05

    The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a…

  • CVE-2000-1083Jan 9, 2001
    risk 0.03cvss epss 0.05

    The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial…

  • CVE-2000-1081Jan 9, 2001
    risk 0.03cvss epss 0.05

    The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause…

  • CVE-2000-0737Oct 20, 2000
    risk 0.03cvss epss 0.04

    The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.

  • CVE-2000-0232Mar 30, 2000
    risk 0.03cvss epss 0.04

    Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.

  • CVE-2000-0155Feb 18, 2000
    risk 0.03cvss epss 0.04

    Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive.

  • CVE-2000-0167Feb 15, 2000
    risk 0.03cvss epss 0.03

    IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.

  • CVE-2000-0129Feb 4, 2000
    risk 0.03cvss epss 0.04

    Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.

  • CVE-2000-0121Feb 1, 2000
    risk 0.03cvss epss 0.05

    The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.

  • CVE-1999-1084Dec 31, 1999
    risk 0.03cvss epss 0.04

    The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash.

  • CVE-2000-0100Dec 29, 1999
    risk 0.03cvss epss 0.03

    The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.

  • CVE-2000-0025Dec 21, 1999
    risk 0.03cvss epss 0.35

    IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.

  • CVE-1999-0975Dec 10, 1999
    risk 0.03cvss epss 0.03

    The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.

  • CVE-1999-0899Nov 4, 1999
    risk 0.03cvss epss 0.03

    The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.

  • CVE-1999-1235Aug 25, 1999
    risk 0.03cvss epss 0.03

    Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the…

  • CVE-2000-0325Aug 20, 1999
    risk 0.03cvss epss 0.04

    The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability.

  • CVE-1999-0700Jul 29, 1999
    risk 0.03cvss epss 0.05

    Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.

  • CVE-1999-0715May 20, 1999
    risk 0.03cvss epss 0.06

    Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.

  • CVE-1999-0716May 17, 1999
    risk 0.03cvss epss 0.06

    Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.

  • CVE-1999-0382Mar 12, 1999
    risk 0.03cvss epss 0.03

    The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.

  • CVE-1999-0376Feb 20, 1999
    risk 0.03cvss epss 0.02

    Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.

  • CVE-1999-0372Feb 12, 1999
    risk 0.03cvss epss 0.05

    The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.

  • CVE-1999-0360Jan 30, 1999
    risk 0.03cvss epss 0.06

    MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.

  • CVE-2019-0568HigJan 8, 2019
    risk 0.02cvss 7.5epss 0.69

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539,…

  • CVE-2019-0567HigJan 8, 2019
    risk 0.02cvss 7.5epss 0.80

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539,…

  • CVE-2018-8467HigSep 13, 2018
    risk 0.02cvss 7.5epss 0.69

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367,…

  • CVE-2018-8466HigSep 13, 2018
    risk 0.02cvss 7.5epss 0.69

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367,…

  • CVE-2018-8291HigJul 11, 2018
    risk 0.02cvss 7.5epss 0.70

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from…

  • CVE-2018-8288HigJul 11, 2018
    risk 0.02cvss 7.5epss 0.70

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from…

  • CVE-2018-8229HigJun 14, 2018
    risk 0.02cvss 7.5epss 0.71

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227.

  • CVE-2015-6161Dec 9, 2015
    risk 0.02cvss epss 0.20

    Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass."

  • CVE-2015-6160Dec 9, 2015
    risk 0.02cvss epss 0.19

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142,…

  • CVE-2015-6159Dec 9, 2015
    risk 0.02cvss epss 0.20

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140,…

  • CVE-2015-6151Dec 9, 2015
    risk 0.02cvss epss 0.20

    Microsoft Internet Explorer 8 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than…

  • CVE-2015-6150Dec 9, 2015
    risk 0.02cvss epss 0.19

    Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6154.

Page 225 of 287