Filtered by vendor Microsoft
Subscribe
Total
23518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0124 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2026-04-16 | 2.6 LOW | N/A |
| The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability." | |||||
| CVE-2000-1085 | 1 Microsoft | 2 Data Engine, Sql Server | 2026-04-16 | 4.6 MEDIUM | N/A |
| The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
| CVE-2002-1150 | 1 Microsoft | 1 Netmeeting | 2026-04-16 | 4.6 MEDIUM | N/A |
| The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document. | |||||
| CVE-2004-0985 | 1 Microsoft | 1 Ie | 2026-04-16 | 10.0 HIGH | N/A |
| Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help. | |||||
| CVE-2006-3439 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | 10.0 HIGH | N/A |
| Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314. | |||||
| CVE-2000-0347 | 1 Microsoft | 2 Windows 95, Windows 98 | 2026-04-16 | 5.0 MEDIUM | N/A |
| Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name. | |||||
| CVE-2005-1215 | 1 Microsoft | 1 Isa Server | 2026-04-16 | 7.5 HIGH | N/A |
| Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers. | |||||
| CVE-2005-1207 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2026-04-16 | 7.2 HIGH | N/A |
| Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters. | |||||
| CVE-1999-1279 | 1 Microsoft | 1 Sna Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU. | |||||
| CVE-2005-2226 | 1 Microsoft | 1 Outlook Express | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2003-0226 | 1 Microsoft | 1 Internet Information Services | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled. | |||||
| CVE-2000-1088 | 1 Microsoft | 2 Data Engine, Sql Server | 2026-04-16 | 4.6 MEDIUM | N/A |
| The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
| CVE-2006-3438 | 1 Microsoft | 1 Hyperlink Object Library | 2026-04-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability." | |||||
| CVE-2005-3176 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | 7.5 HIGH | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection. | |||||
| CVE-2002-0859 | 1 Microsoft | 2 Jet, Sql Server | 2026-04-16 | 7.5 HIGH | N/A |
| Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. | |||||
| CVE-2000-0544 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | 5.0 MEDIUM | N/A |
| Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length. | |||||
| CVE-1999-0379 | 1 Microsoft | 1 Backoffice Resource Kit | 2026-04-16 | 7.5 HIGH | N/A |
| Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting. | |||||
| CVE-1999-0288 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | 5.0 MEDIUM | N/A |
| The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. | |||||
| CVE-2003-0223 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message. | |||||
| CVE-2003-0009 | 1 Microsoft | 2 Windows Me, Windows Xp | 2026-04-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter. | |||||