CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-0007 327 1998-06-26 2020-04-02
5.0
None Remote Low Not required Partial None None
Information from SSL-encrypted sessions via PKCS #1.
2 CVE-1999-0012 Bypass 1998-02-06 2008-09-09
5.0
None Remote Low Not required Partial None None
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
3 CVE-1999-0015 DoS 1997-12-16 2018-05-03
5.0
None Remote Low Not required None None Partial
Teardrop IP denial of service.
4 CVE-1999-0016 DoS 1997-12-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Land IP denial of service.
5 CVE-1999-0077 1995-01-01 2017-10-10
5.0
None Remote Low Not required Partial None None
Predictable TCP sequence numbers allow spoofing.
6 CVE-1999-0104 DoS 1997-12-16 2018-08-22
5.0
None Remote Low Not required None None Partial
A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.
7 CVE-1999-0140 DoS 1999-06-30 2008-09-05
5.0
None Remote Low Not required None None Partial
Denial of service in RAS/PPTP on NT systems.
8 CVE-1999-0153 DoS 1997-07-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.
9 CVE-1999-0154 1999-12-31 2020-11-23
5.0
None Remote Low Not required Partial None None
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
10 CVE-1999-0179 17 Exec Code 1997-01-01 2018-08-13
5.0
None Remote Low Not required None None Partial
Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share.
11 CVE-1999-0224 DoS 1999-07-23 2008-09-09
5.0
None Remote Low Not required Partial None None
Denial of service in Windows NT messenger service through a long username.
12 CVE-1999-0225 DoS 1998-02-14 2008-09-09
5.0
None Remote Low Not required None None Partial
Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.
13 CVE-1999-0227 264 DoS 1997-06-01 2018-08-13
5.0
None Remote Low Not required None None Partial
Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.
14 CVE-1999-0228 DoS 1997-02-07 2018-08-13
5.0
None Remote Low Not required None None Partial
Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.
15 CVE-1999-0229 DoS 1999-05-12 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in Windows NT IIS server using ..\..
16 CVE-1999-0258 DoS 1998-02-13 2008-09-09
5.0
None Remote Low Not required None None Partial
Bonk variation of teardrop IP fragmentation denial of service.
17 CVE-1999-0274 DoS 1997-01-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.
18 CVE-1999-0275 DoS 1997-06-10 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.
19 CVE-1999-0278 1998-06-01 2018-10-12
5.0
None Remote Low Not required Partial None None
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
20 CVE-1999-0281 DoS 1997-06-01 2020-11-23
5.0
None Remote Low Not required None None Partial
Denial of service in IIS using long URLs.
21 CVE-1999-0288 DoS 1998-08-01 2018-05-03
5.0
None Remote Low Not required None None Partial
The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.
22 CVE-1999-0292 DoS 1997-04-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service through Winpopup using large user names.
23 CVE-1999-0294 DoS 1997-10-01 2008-09-09
5.0
None Remote Low Not required None None Partial
All records in a WINS database can be deleted through SNMP for a denial of service.
24 CVE-1999-0348 200 +Info 1999-01-27 2018-08-13
5.0
None Remote Low Not required Partial None None
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.
25 CVE-1999-0357 DoS 1999-01-25 2008-09-09
5.0
None Remote Low Not required None None Partial
Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets.
26 CVE-1999-0386 1999-03-01 2018-10-12
5.0
None Remote Low Not required Partial None None
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
27 CVE-1999-0444 DoS 1999-04-12 2008-09-09
5.0
None Remote Low Not required None None Partial
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.
28 CVE-1999-0448 1999-01-01 2008-09-09
5.0
None Remote Low Not required Partial None None
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
29 CVE-1999-0469 1999-04-01 2021-07-22
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.
30 CVE-1999-0582 1997-01-01 2008-09-09
5.0
None Remote Low Not required None None Partial
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.
31 CVE-1999-0668 Exec Code 1999-08-21 2021-07-22
5.1
None Remote High Not required Partial Partial Partial
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
32 CVE-1999-0680 287 DoS 1999-08-09 2018-10-12
5.0
None Remote Low Not required None None Partial
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.
33 CVE-1999-0681 DoS Overflow 2001-03-12 2017-10-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.
34 CVE-1999-0682 1999-08-06 2020-04-02
5.0
None Remote Low Not required None None Partial
Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.
35 CVE-1999-0736 1999-05-07 2018-10-12
5.0
None Remote Low Not required Partial None None
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
36 CVE-1999-0737 1999-05-07 2018-10-12
5.0
None Remote Low Not required Partial None None
The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
37 CVE-1999-0738 1999-05-07 2018-10-12
5.0
None Remote Low Not required Partial None None
The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
38 CVE-1999-0739 1999-05-07 2018-10-12
5.0
None Remote Low Not required Partial None None
The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
39 CVE-1999-0750 Exec Code 1999-09-13 2008-09-09
5.1
None Remote High Not required Partial Partial Partial
Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account.
40 CVE-1999-0755 255 1999-05-27 2018-10-12
5.0
None Remote Low Not required Partial None None
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
41 CVE-1999-0815 DoS 1999-12-31 2017-10-10
5.0
None Remote Low Not required None None Partial
Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.
42 CVE-1999-0819 1999-12-01 2016-10-18
5.0
None Remote Low Not required Partial None None
NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.
43 CVE-1999-0858 16 1999-12-02 2021-07-22
5.0
None Remote Low Not required None Partial None
Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.
44 CVE-1999-0867 20 DoS 1999-08-11 2018-10-12
5.0
None Remote Low Not required None None Partial
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
45 CVE-1999-0891 94 1999-09-01 2021-07-22
5.0
None Remote Low Not required Partial None None
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
46 CVE-1999-0910 1999-09-10 2018-10-12
5.0
None Remote Low Not required Partial None None
Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.
47 CVE-1999-0917 1999-05-27 2021-07-22
5.1
None Remote High Not required Partial Partial Partial
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.
48 CVE-1999-0945 120 DoS Overflow 2001-03-12 2020-04-02
5.0
None Remote Low Not required None None Partial
Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.
49 CVE-1999-0969 DoS 1998-09-29 2018-10-12
5.0
None Remote Low Not required None None Partial
The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.
50 CVE-1999-0980 DoS 2000-05-16 2018-10-12
5.0
None Remote Low Not required None None Partial
Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.
Total number of vulnerabilities : 926   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.