Filtered by vendor Microsoft
Subscriptions
Total
20250 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-1234 | 1 Microsoft | 1 Windows Nt | 2024-08-01 | N/A |
| LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo. | ||||
| CVE-1999-1233 | 1 Microsoft | 1 Internet Information Server | 2024-08-01 | N/A |
| IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. | ||||
| CVE-1999-1241 | 1 Microsoft | 1 Internet Explorer | 2024-08-01 | N/A |
| Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object. | ||||
| CVE-1999-1246 | 1 Microsoft | 1 Site Server | 2024-08-01 | N/A |
| Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges. | ||||
| CVE-1999-1223 | 1 Microsoft | 1 Internet Information Server | 2024-08-01 | N/A |
| IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. | ||||
| CVE-1999-1222 | 1 Microsoft | 1 Windows Nt | 2024-08-01 | N/A |
| Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup. | ||||
| CVE-1999-1105 | 1 Microsoft | 1 Windows 95 | 2024-08-01 | N/A |
| Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive. | ||||
| CVE-1999-1087 | 1 Microsoft | 1 Internet Explorer | 2024-08-01 | N/A |
| Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server. | ||||
| CVE-1999-1164 | 1 Microsoft | 2 Outlook, Outlook Express | 2024-08-01 | N/A |
| Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang. | ||||
| CVE-1999-1217 | 1 Microsoft | 1 Windows Nt | 2024-08-01 | N/A |
| The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories. | ||||
| CVE-1999-1127 | 1 Microsoft | 1 Windows Nt | 2024-08-01 | 7.5 High |
| Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability. | ||||
| CVE-1999-1157 | 1 Microsoft | 1 Windows Nt | 2024-08-01 | N/A |
| Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface. | ||||
| CVE-1999-1128 | 1 Microsoft | 1 Internet Explorer | 2024-08-01 | N/A |
| Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user. | ||||
| CVE-1999-1148 | 1 Microsoft | 1 Internet Information Server | 2024-08-01 | N/A |
| FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. | ||||
| CVE-1999-1132 | 1 Microsoft | 1 Windows Nt | 2024-08-01 | N/A |
| Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. | ||||
| CVE-1999-1110 | 1 Microsoft | 1 Internet Explorer | 2024-08-01 | N/A |
| Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client. | ||||
| CVE-1999-1097 | 1 Microsoft | 1 Netmeeting | 2024-08-01 | N/A |
| Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty. | ||||
| CVE-1999-1093 | 1 Microsoft | 1 Internet Explorer | 2024-08-01 | N/A |
| Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. | ||||
| CVE-1999-1084 | 1 Microsoft | 1 Windows Nt | 2024-08-01 | N/A |
| The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash. | ||||
| CVE-1999-1104 | 1 Microsoft | 1 Windows 95 | 2024-08-01 | N/A |
| Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords. | ||||