Filtered by vendor Microsoft Subscriptions
Total 24964 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-1999-0570 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.
CVE-2001-0281 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges.
CVE-1999-0468 1 Microsoft 1 Internet Explorer 2026-04-16 8.2 High
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
CVE-1999-0444 1 Microsoft 3 Windows 95, Windows 98, Windows Nt 2026-04-16 N/A
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.
CVE-2000-0544 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length.
CVE-2000-1139 1 Microsoft 1 Exchange Server 2026-04-16 N/A
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
CVE-2000-1149 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.
CVE-2000-1088 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2000-0323 1 Microsoft 1 Jet 2026-04-16 N/A
The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.
CVE-2000-0327 1 Microsoft 1 Virtual Machine 2026-04-16 N/A
Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability.
CVE-2000-0329 1 Microsoft 4 Ie, Internet Explorer, Outlook and 1 more 2026-04-16 N/A
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
CVE-1999-0349 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.
CVE-1999-0360 1 Microsoft 1 Site Server 2026-04-16 N/A
MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.
CVE-1999-0384 1 Microsoft 6 Office, Outlook, Project and 3 more 2026-04-16 N/A
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
CVE-1999-0391 1 Microsoft 3 Terminal Server, Windows 2000, Windows Nt 2026-04-16 N/A
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
CVE-2000-1006 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.
CVE-1999-0292 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Denial of service through Winpopup using large user names.
CVE-1999-0104 4 Caldera, Hp, Microsoft and 1 more 5 Openlinux, Hp-ux, Windows 95 and 2 more 2026-04-16 N/A
A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.
CVE-2003-1306 1 Microsoft 1 Urlscan 2026-04-16 N/A
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
CVE-1999-0869 2 Microsoft, Netscape 2 Internet Explorer, Navigator 2026-04-16 N/A
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.