Filtered by vendor Microsoft
Subscriptions
Total
24964 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0129 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2026-04-16 | N/A |
| Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file. | ||||
| CVE-2006-2056 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-16 | N/A |
| Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | ||||
| CVE-2000-0028 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. | ||||
| CVE-2006-1511 | 1 Microsoft | 1 .net Framework | 2026-04-16 | N/A |
| Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name. | ||||
| CVE-2006-1510 | 1 Microsoft | 1 .net Framework | 2026-04-16 | N/A |
| Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method. | ||||
| CVE-2000-0070 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request." | ||||
| CVE-2002-1717 | 1 Microsoft | 1 Internet Information Services | 2026-04-16 | N/A |
| Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. | ||||
| CVE-2000-0085 | 1 Microsoft | 1 Hotmail | 2026-04-16 | N/A |
| Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag. | ||||
| CVE-2000-0089 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability. | ||||
| CVE-2000-0098 | 1 Microsoft | 1 Index Server | 2026-04-16 | N/A |
| Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist. | ||||
| CVE-2000-0105 | 1 Microsoft | 1 Outlook Express | 2026-04-16 | N/A |
| Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client. | ||||
| CVE-2000-0114 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. | ||||
| CVE-2006-1359 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. | ||||
| CVE-2000-0024 | 1 Microsoft | 3 Internet Information Server, Site Server, Site Server Commerce | 2026-04-16 | N/A |
| IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. | ||||
| CVE-2006-1388 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors. | ||||
| CVE-2000-0025 | 1 Microsoft | 3 Internet Information Server, Site Server, Site Server Commerce | 2026-04-16 | N/A |
| IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. | ||||
| CVE-1999-1538 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. | ||||
| CVE-2006-0935 | 1 Microsoft | 1 Word | 2026-04-16 | N/A |
| Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz. | ||||
| CVE-1999-1577 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method. | ||||
| CVE-1999-1579 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine. | ||||