Filtered by vendor Microsoft
Subscriptions
Total
20425 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0120 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-11-20 | N/A |
| The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages. | ||||
| CVE-2004-0119 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Xp | 2024-11-20 | 7.5 High |
| The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection. | ||||
| CVE-2004-0118 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-11-20 | N/A |
| The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code. | ||||
| CVE-2004-0117 | 1 Microsoft | 6 Netmeeting, Windows 2000, Windows 2003 Server and 3 more | 2024-11-20 | N/A |
| Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code. | ||||
| CVE-2004-0116 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-11-20 | N/A |
| An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field. | ||||
| CVE-2004-0115 | 1 Microsoft | 1 Virtual Pc | 2024-11-20 | N/A |
| VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file. | ||||
| CVE-2003-1590 | 2 Microsoft, Sun | 2 Windows, One Web Server | 2024-11-20 | N/A |
| Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors. | ||||
| CVE-2003-1589 | 2 Microsoft, Sun | 2 Windows, One Web Server | 2024-11-20 | N/A |
| Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors. | ||||
| CVE-2003-1582 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | N/A |
| Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | ||||
| CVE-2003-1579 | 2 Microsoft, Sun | 2 Windows, One Web Server | 2024-11-20 | N/A |
| Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | ||||
| CVE-2003-1569 | 2 Goahead, Microsoft | 4 Goahead Webserver, Windows 95, Windows 98 and 1 more | 2024-11-20 | N/A |
| GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. | ||||
| CVE-2003-1567 | 1 Microsoft | 1 Internet Information Services | 2024-11-20 | N/A |
| The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE. | ||||
| CVE-2003-1566 | 1 Microsoft | 1 Internet Information Services | 2024-11-20 | N/A |
| Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection. | ||||
| CVE-2003-1559 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-20 | N/A |
| Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | ||||
| CVE-2003-1544 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | N/A |
| Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded. | ||||
| CVE-2003-1505 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | N/A |
| Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved. | ||||
| CVE-2003-1484 | 1 Microsoft | 1 Ie | 2024-11-20 | N/A |
| Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute. | ||||
| CVE-2003-1482 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2024-11-20 | N/A |
| The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access. | ||||
| CVE-2003-1477 | 2 Clearswift, Microsoft | 2 Mailsweeper For Smtp, All Windows | 2024-11-20 | N/A |
| MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains "embedded objects." | ||||
| CVE-2003-1472 | 2 3d-ftp, Microsoft | 2 3d-ftp, All Windows | 2024-11-20 | N/A |
| Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner. | ||||