Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23403 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-1375 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | N/A |
| FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. | ||||
| CVE-2001-0335 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | N/A |
| FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. | ||||
| CVE-2000-0202 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | N/A |
| Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. | ||||
| CVE-2000-0201 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. | ||||
| CVE-2000-0156 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. | ||||
| CVE-2000-0153 | 1 Microsoft | 2 Frontpage, Personal Web Server | 2025-04-03 | N/A |
| FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack. | ||||
| CVE-2000-0126 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | N/A |
| Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. | ||||
| CVE-2000-0100 | 1 Microsoft | 1 Systems Management Server | 2025-04-03 | N/A |
| The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. | ||||
| CVE-2000-0098 | 1 Microsoft | 1 Index Server | 2025-04-03 | N/A |
| Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist. | ||||
| CVE-2001-0506 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | ||||
| CVE-2001-0542 | 1 Microsoft | 1 Sql Server | 2025-04-03 | N/A |
| Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879. | ||||
| CVE-2001-0545 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | N/A |
| IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. | ||||
| CVE-2000-0097 | 1 Microsoft | 1 Index Server | 2025-04-03 | N/A |
| The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability. | ||||
| CVE-2001-0660 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL). | ||||
| CVE-2001-0721 | 1 Microsoft | 4 Windows 98, Windows 98se, Windows Me and 1 more | 2025-04-03 | N/A |
| Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request. | ||||
| CVE-2000-0085 | 1 Microsoft | 1 Hotmail | 2025-04-03 | N/A |
| Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag. | ||||
| CVE-2000-0082 | 1 Microsoft | 1 Webtv | 2025-04-03 | N/A |
| WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML. | ||||
| CVE-1999-1556 | 1 Microsoft | 1 Sql Server | 2025-04-03 | N/A |
| Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value. | ||||
| CVE-1999-1474 | 1 Microsoft | 1 Powerpoint | 2025-04-03 | N/A |
| PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer. | ||||
| CVE-1999-1473 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue." | ||||