Export limit exceeded: 24123 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24123 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1717 | 1 Microsoft | 1 Internet Information Services | 2026-04-16 | N/A |
| Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. | ||||
| CVE-2002-1749 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges. | ||||
| CVE-2002-1762 | 1 Microsoft | 1 Baseline Security Analyzer | 2026-04-16 | N/A |
| Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java. | ||||
| CVE-2001-0546 | 1 Microsoft | 1 Isa Server | 2026-04-16 | N/A |
| Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data. | ||||
| CVE-1999-1463 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Windows NT 4.0 before SP3 allows remote attackers to bypass firewall restrictions or cause a denial of service (crash) by sending improperly fragmented IP packets without the first fragment, which the TCP/IP stack incorrectly reassembles into a valid session. | ||||
| CVE-2001-0246 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability. | ||||
| CVE-2001-0712 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc. | ||||
| CVE-2001-0245 | 1 Microsoft | 2 Index Server, Indexing Service | 2026-04-16 | N/A |
| Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability. | ||||
| CVE-2001-0238 | 1 Microsoft | 6 Windows 2000, Windows 95, Windows 98 and 3 more | 2026-04-16 | N/A |
| Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests. | ||||
| CVE-1999-1447 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag. | ||||
| CVE-2001-0002 | 1 Microsoft | 2 Internet Explorer, Windows Script Host | 2026-04-16 | N/A |
| Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. | ||||
| CVE-2001-0018 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests. | ||||
| CVE-2001-0146 | 1 Microsoft | 2 Exchange Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. | ||||
| CVE-2001-0148 | 1 Microsoft | 1 Windows Media Player | 2026-04-16 | N/A |
| The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability. | ||||
| CVE-2006-4888 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. | ||||
| CVE-2001-0658 | 1 Microsoft | 1 Isa Server | 2026-04-16 | N/A |
| Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message. | ||||
| CVE-1999-1431 | 1 Microsoft | 1 Zero Administration Kit | 2026-04-16 | N/A |
| ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory, and changing the name to that for an allowed application, such as Winword.exe. | ||||
| CVE-2005-4360 | 1 Microsoft | 2 Internet Information Services, Windows Xp | 2026-04-16 | N/A |
| The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot). | ||||
| CVE-2003-0411 | 2 Microsoft, Oracle | 3 Windows 2000, Windows Xp, Sun One Application Server | 2026-04-16 | 7.5 High |
| Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. | ||||
| CVE-2002-1564 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.5 and 6.0 allows remote attackers to steal potentially sensitive information from cookies via a cookie that contains script which is executed when a page is loaded, aka the "Script within Cookies Reading Cookies" vulnerability. | ||||