Filtered by vendor Microsoft
Subscriptions
Total
23827 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0886 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. | ||||
| CVE-1999-0989 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol. | ||||
| CVE-2000-0933 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability. | ||||
| CVE-2001-0507 | 1 Microsoft | 1 Internet Information Services | 2026-04-16 | N/A |
| IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. | ||||
| CVE-1999-0499 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | N/A |
| NETBIOS share information may be published through SNMP registry keys in NT. | ||||
| CVE-2000-0663 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | N/A |
| The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability. | ||||
| CVE-1999-0504 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | N/A |
| A Windows NT local user or administrator account has a default, null, blank, or missing password. | ||||
| CVE-1999-0506 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | N/A |
| A Windows NT domain user or administrator account has a default, null, blank, or missing password. | ||||
| CVE-2000-0709 | 1 Microsoft | 1 Frontpage | 2026-04-16 | N/A |
| The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name. | ||||
| CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2026-04-16 | N/A |
| ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | ||||
| CVE-2000-0756 | 1 Microsoft | 1 Outlook | 2026-04-16 | N/A |
| Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service. | ||||
| CVE-2000-0765 | 1 Microsoft | 3 Excel, Powerpoint, Word | 2026-04-16 | N/A |
| Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability. | ||||
| CVE-2000-0767 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability. | ||||
| CVE-2000-0770 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability. | ||||
| CVE-2000-0771 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability. | ||||
| CVE-2001-0237 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data. | ||||
| CVE-2001-0238 | 1 Microsoft | 6 Windows 2000, Windows 95, Windows 98 and 3 more | 2026-04-16 | N/A |
| Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests. | ||||
| CVE-2000-1209 | 2 Compaq, Microsoft | 4 Insight Manager, Insight Manager Xe, Data Engine and 1 more | 2026-04-16 | N/A |
| The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida. | ||||
| CVE-1999-0570 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. | ||||
| CVE-2000-0817 | 1 Microsoft | 1 Network Monitor | 2026-04-16 | N/A |
| Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability. | ||||