| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting. |
| The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. |
| Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands. |
| Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. |
| Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size. |
| Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. |
| A Windows NT local user or administrator account has a guessable password. |
| Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request. |
| The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
| The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
| A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. |
| Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument. |
| A version of finger is running that exposes valid user information to any entity on the network. |
| A system does not present an appropriate legal message or warning to a user who is accessing it. |
| The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. |
| Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop. |
| Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability. |
| Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. |
| Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code. |
| ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced. |
