Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 24883 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-0469 1 Microsoft 1 Internet Explorer 2026-06-16 5.0 MEDIUM N/A
Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.
CVE-1999-0468 1 Microsoft 1 Internet Explorer 2026-06-16 2.6 LOW 8.2 HIGH
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
CVE-1999-0450 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-06-16 7.5 HIGH N/A
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
CVE-1999-0449 1 Microsoft 1 Internet Information Server 2026-06-16 7.8 HIGH N/A
The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.
CVE-1999-0448 1 Microsoft 1 Internet Information Server 2026-06-16 5.0 MEDIUM N/A
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
CVE-1999-0444 1 Microsoft 3 Windows 95, Windows 98, Windows Nt 2026-06-16 5.0 MEDIUM N/A
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.
CVE-1999-0412 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-06-16 7.5 HIGH N/A
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
CVE-1999-0407 1 Microsoft 1 Internet Information Server 2026-06-16 10.0 HIGH N/A
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
CVE-1999-0391 1 Microsoft 3 Terminal Server, Windows 2000, Windows Nt 2026-06-16 7.5 HIGH N/A
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
CVE-1999-0387 1 Microsoft 2 Windows 95, Windows 98 2026-06-16 7.8 HIGH N/A
A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.
CVE-1999-0386 1 Microsoft 2 Frontpage, Personal Web Server 2026-06-16 5.0 MEDIUM N/A
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
CVE-1999-0385 1 Microsoft 1 Exchange Server 2026-06-16 10.0 HIGH N/A
The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.
CVE-1999-0384 1 Microsoft 6 Office, Outlook, Project and 3 more 2026-06-16 4.6 MEDIUM N/A
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
CVE-1999-0382 1 Microsoft 1 Windows Nt 2026-06-16 7.2 HIGH N/A
The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.
CVE-1999-0379 1 Microsoft 1 Backoffice Resource Kit 2026-06-16 7.5 HIGH N/A
Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.
CVE-1999-0376 1 Microsoft 1 Windows Nt 2026-06-16 4.6 MEDIUM N/A
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
CVE-1999-0372 1 Microsoft 3 Backoffice, Windows 2000, Windows Nt 2026-06-16 2.1 LOW N/A
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
CVE-1999-0366 1 Microsoft 1 Windows Nt 2026-06-16 7.5 HIGH N/A
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
CVE-1999-0364 2 Fms Inc., Microsoft 2 Total Vb Sourcebook, Access 2026-06-16 10.0 HIGH N/A
Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.
CVE-1999-0360 1 Microsoft 1 Site Server 2026-06-16 7.2 HIGH N/A
MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.