Search Results (24974 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-1484 1 Microsoft 1 Msn Setup Bulletin Board Services 2026-04-16 N/A
Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured.
CVE-2000-0024 1 Microsoft 3 Internet Information Server, Site Server, Site Server Commerce 2026-04-16 N/A
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
CVE-1999-0877 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
CVE-1999-0898 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.
CVE-1999-1055 1 Microsoft 1 Excel 2026-04-16 N/A
Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."
CVE-1999-1087 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.
CVE-1999-1104 1 Microsoft 1 Windows 95 2026-04-16 N/A
Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords.
CVE-2004-0540 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
CVE-2003-0223 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.
CVE-2003-0224 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
CVE-2003-0116 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
CVE-2003-0114 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
CVE-1999-0802 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon.
CVE-2003-0113 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
CVE-1999-0827 2 Microsoft, Netscape 3 Ie, Internet Explorer, Navigator 2026-04-16 N/A
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
CVE-1999-0407 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
CVE-1999-0448 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
CVE-1999-0578 1 Microsoft 1 Windows Nt 2026-04-16 N/A
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
CVE-1999-0582 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.
CVE-2006-0028 1 Microsoft 2 Excel, Office 2026-04-16 N/A
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.