CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
801 CVE-1999-1537 DoS 1999-07-07 2017-10-10
5.0
None Remote Low Not required None None Partial
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.
802 CVE-1999-1520 +Info 1999-05-11 2017-10-10
5.0
None Remote Low Not required Partial None None
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.
803 CVE-1999-1478 DoS 1999-07-06 2017-10-10
5.0
None Remote Low Not required None None Partial
The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
804 CVE-1999-1473 1999-12-31 2021-07-22
5.0
None Remote Low Not required Partial None None
When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."
805 CVE-1999-1472 1999-12-31 2021-07-22
5.0
None Remote Low Not required Partial None None
Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.
806 CVE-1999-1463 DoS Bypass 1997-07-10 2017-12-19
5.0
None Remote Low Not required None None Partial
Windows NT 4.0 before SP3 allows remote attackers to bypass firewall restrictions or cause a denial of service (crash) by sending improperly fragmented IP packets without the first fragment, which the TCP/IP stack incorrectly reassembles into a valid session.
807 CVE-1999-1451 1999-12-31 2018-10-12
5.0
None Remote Low Not required Partial None None
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.
808 CVE-1999-1447 DoS 1998-07-28 2021-07-22
5.0
None Remote Low Not required None None Partial
Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag.
809 CVE-1999-1387 DoS Exec Code 1997-04-02 2016-10-18
5.0
None Remote Low Not required None None Partial
Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that was compiled on the Linux 2.0.29 kernel but executed on Linux 2.0.25.
810 CVE-1999-1375 1999-02-11 2016-10-18
5.0
None Remote Low Not required Partial None None
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter.
811 CVE-1999-1291 1998-10-05 2017-12-19
5.0
None Remote Low Not required None None Partial
TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target.
812 CVE-1999-1279 1999-12-31 2017-10-10
5.0
None Remote Low Not required Partial None None
An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.
813 CVE-1999-1254 DoS 1999-03-08 2017-12-19
5.0
None Remote Low Not required None None Partial
Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing tables.
814 CVE-1999-1234 DoS 1999-10-26 2017-12-19
5.0
None Remote Low Not required None None Partial
LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo.
815 CVE-1999-1223 DoS 1999-12-31 2017-10-10
5.0
None Remote Low Not required None None Partial
IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.
816 CVE-1999-1222 DoS 1999-12-31 2017-10-10
5.0
None Remote Low Not required None None Partial
Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.
817 CVE-1999-1201 DoS 1999-02-06 2017-10-10
5.0
None Remote Low Not required None None Partial
Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing.
818 CVE-1999-1164 DoS 1999-06-25 2016-10-18
5.0
None Remote Low Not required None None Partial
Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang.
819 CVE-1999-1157 DoS 1999-12-31 2017-10-10
5.0
None Remote Low Not required None None Partial
Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.
820 CVE-1999-1148 DoS 1999-12-31 2018-10-12
5.0
None Remote Low Not required None None Partial
FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.
821 CVE-1999-1132 DoS 1999-12-31 2016-10-18
5.0
None Remote Low Not required None None Partial
Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.
822 CVE-1999-1128 Exec Code 1997-03-01 2021-07-22
5.1
None Remote High Not required Partial Partial Partial
Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.
823 CVE-1999-1127 DoS 1999-12-31 2018-10-12
5.0
None Remote Low Not required None None Partial
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
824 CVE-1999-1110 1999-11-14 2021-07-22
5.0
None Remote Low Not required Partial None None
Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.
825 CVE-1999-1105 1999-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.
826 CVE-1999-1093 Exec Code Overflow 1999-12-31 2021-07-22
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.
827 CVE-1999-1052 1999-08-24 2016-10-18
5.0
None Remote Low Not required Partial None None
Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users.
828 CVE-1999-1043 DoS 1999-12-31 2020-04-02
5.0
None Remote Low Not required None None Partial
Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error).
829 CVE-1999-1035 DoS 1999-12-31 2018-10-12
5.0
None Remote Low Not required None None Partial
IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.
830 CVE-1999-1033 1999-05-11 2016-10-18
5.0
None Remote Low Not required None None Partial
Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.
831 CVE-1999-1016 DoS 1999-08-27 2021-07-22
5.0
None Remote Low Not required None None Partial
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
832 CVE-1999-0994 255 1999-12-16 2018-10-12
5.0
None Remote Low Not required Partial None None
Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.
833 CVE-1999-0981 59 1999-12-08 2021-07-23
5.1
None Remote High Not required Partial Partial Partial
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."
834 CVE-1999-0980 DoS 2000-05-16 2018-10-12
5.0
None Remote Low Not required None None Partial
Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.
835 CVE-1999-0969 DoS 1998-09-29 2018-10-12
5.0
None Remote Low Not required None None Partial
The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.
836 CVE-1999-0945 120 DoS Overflow 2001-03-12 2020-04-02
5.0
None Remote Low Not required None None Partial
Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.
837 CVE-1999-0917 1999-05-27 2021-07-22
5.1
None Remote High Not required Partial Partial Partial
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.
838 CVE-1999-0910 1999-09-10 2018-10-12
5.0
None Remote Low Not required Partial None None
Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.
839 CVE-1999-0891 94 1999-09-01 2021-07-22
5.0
None Remote Low Not required Partial None None
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
840 CVE-1999-0867 20 DoS 1999-08-11 2018-10-12
5.0
None Remote Low Not required None None Partial
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
841 CVE-1999-0858 16 1999-12-02 2021-07-22
5.0
None Remote Low Not required None Partial None
Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.
842 CVE-1999-0819 1999-12-01 2016-10-18
5.0
None Remote Low Not required Partial None None
NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.
843 CVE-1999-0815 DoS 1999-12-31 2017-10-10
5.0
None Remote Low Not required None None Partial
Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.
844 CVE-1999-0755 255 1999-05-27 2018-10-12
5.0
None Remote Low Not required Partial None None
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
845 CVE-1999-0750 Exec Code 1999-09-13 2008-09-09
5.1
None Remote High Not required Partial Partial Partial
Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account.
846 CVE-1999-0739 1999-05-07 2018-10-12
5.0
None Remote Low Not required Partial None None
The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
847 CVE-1999-0738 1999-05-07 2018-10-12
5.0
None Remote Low Not required Partial None None
The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
848 CVE-1999-0737 1999-05-07 2018-10-12
5.0
None Remote Low Not required Partial None None
The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
849 CVE-1999-0736 1999-05-07 2018-10-12
5.0
None Remote Low Not required Partial None None
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
850 CVE-1999-0682 1999-08-06 2020-04-02
5.0
None Remote Low Not required None None Partial
Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.
Total number of vulnerabilities : 883   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 (This Page)18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.