| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character. |
| The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. |
| In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). |
| A Windows NT local user or administrator account has a guessable password. |
| A NETBIOS/SMB share password is guessable. |
| The Windows NT guest account is enabled. |
| Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands. |
| The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request. |
| Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location. |
| Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. |
| The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input. |
| A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. |
| The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
| Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option. |
| IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. |
| Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. |
| Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries. |
| Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability. |
| The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. |
| The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. |
