Export limit exceeded: 24907 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1107 | 1 Microsoft | 1 Windows Media Player | 2026-04-16 | N/A |
| The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions. | ||||
| CVE-2003-1105 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered. | ||||
| CVE-2003-1463 | 2 Alt-n, Microsoft | 2 Webadmin, All Windows | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. | ||||
| CVE-1999-1463 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Windows NT 4.0 before SP3 allows remote attackers to bypass firewall restrictions or cause a denial of service (crash) by sending improperly fragmented IP packets without the first fragment, which the TCP/IP stack incorrectly reassembles into a valid session. | ||||
| CVE-2001-0546 | 1 Microsoft | 1 Isa Server | 2026-04-16 | N/A |
| Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data. | ||||
| CVE-2001-0723 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability." | ||||
| CVE-2001-0724 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664. | ||||
| CVE-2001-1238 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | 7.8 High |
| Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager. | ||||
| CVE-2001-1452 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | 7.5 High |
| By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | ||||
| CVE-2001-0281 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges. | ||||
| CVE-2001-0322 | 1 Microsoft | 3 Internet Explorer, Outlook, Outlook Express | 2026-04-16 | N/A |
| MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object. | ||||
| CVE-2001-0332 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability. | ||||
| CVE-2001-0335 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. | ||||
| CVE-2001-0338 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability." | ||||
| CVE-2001-0340 | 1 Microsoft | 1 Exchange Server | 2026-04-16 | N/A |
| An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. | ||||
| CVE-2001-0346 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them. | ||||
| CVE-2001-0347 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. | ||||
| CVE-2001-0349 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability. | ||||
| CVE-1999-1370 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs. | ||||
| CVE-1999-1110 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client. | ||||