Vulnerabilities (CVE)

6484 total CVE
CVE Vendors Products Updated CVSS
CVE-2004-2179 1 Microsoft 2 Ie, Frontpage 2008-09-05 5.0
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
CVE-2004-2176 1 Microsoft 1 Windows Xp 2008-09-05 4.6
The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.
CVE-2004-2091 1 Microsoft 1 Baseline Security Analyzer 2008-09-05 5.0
Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security.
CVE-2004-0540 1 Microsoft 1 Windows 2000 2008-09-05 10.0
Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
CVE-2003-1482 1 Microsoft 1 Mn-500 Wireless Base Station 2008-09-05 4.6
The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access.
CVE-2003-1275 1 Microsoft 1 Pocket Ie 2008-09-05 5.0
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a JavaScript function that uses the object.innerHTML function to recursively call that function.
CVE-2003-0519 1 Microsoft 1 Ie 2008-09-05 5.0
Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices.
CVE-2003-0513 1 Microsoft 1 Ie 2008-09-05 7.5
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie...
CVE-2002-2380 1 Microsoft 1 Network Firmware 2008-09-05 6.4
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
CVE-2002-2324 1 Microsoft 1 Windows Xp 2008-09-05 7.2
The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access...
CVE-2002-2311 2 Microsoft, Opera Software 2 Opera Web Browser, Ie 2008-09-05 6.4
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. ...
CVE-2002-2202 1 Microsoft 1 Outlook Express 2008-09-05 3.8
Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users' email.
CVE-2002-2189 2 Microsoft, Activxperts Software 2 Activwebserver, Windows 2003 Server 2008-09-05 5.1
Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link.
CVE-2002-2164 1 Microsoft 1 Outlook Express 2008-09-05 5.0
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
CVE-2002-2125 1 Microsoft 1 Ie 2008-09-05 6.4
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via...
CVE-2002-2117 1 Microsoft 1 Windows Xp 2008-09-05 5.0
Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP).
CVE-2002-2101 1 Microsoft 1 Outlook 2008-09-05 7.5
Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
CVE-2002-2100 1 Microsoft 1 Outlook 2008-09-05 5.0
Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
CVE-2002-2081 1 Microsoft 2 Site Server, Site Server Commerce 2008-09-05 5.0
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.
CVE-2002-2062 1 Microsoft 1 Ie 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary...