Search Results (24974 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0726 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.
CVE-2001-0727 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
CVE-2004-0848 1 Microsoft 6 Office, Powerpoint, Project and 3 more 2026-04-16 N/A
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
CVE-2003-1357 2 Microsoft, Replicom 2 Windows Nt, Proxyview 2026-04-16 N/A
ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.
CVE-2001-0860 1 Microsoft 2 Windows 2000, Windows Xp 2026-04-16 N/A
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
CVE-2001-0875 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
CVE-2001-0876 1 Microsoft 4 Windows 98, Windows 98se, Windows Me and 1 more 2026-04-16 N/A
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.
CVE-2001-0902 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.
CVE-2003-1378 1 Microsoft 2 Outlook, Outlook Express 2026-04-16 N/A
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
CVE-1999-0412 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
CVE-2001-0951 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
CVE-2003-1407 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
CVE-2001-0628 1 Microsoft 1 Word 2026-04-16 N/A
Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
CVE-2001-0501 1 Microsoft 1 Word 2026-04-16 N/A
Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
CVE-2001-0502 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.
CVE-2001-0503 1 Microsoft 1 Netmeeting 2026-04-16 N/A
Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability.
CVE-2001-0504 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
CVE-2001-0543 1 Microsoft 3 Exchange Server, Windows 2000, Windows Nt 2026-04-16 N/A
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
CVE-2001-0544 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.
CVE-2003-1275 1 Microsoft 1 Pocket Ie 2026-04-16 N/A
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.