CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
851 CVE-1999-0681 DoS Overflow 2001-03-12 2017-10-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.
852 CVE-1999-0680 287 DoS 1999-08-09 2018-10-12
5.0
None Remote Low Not required None None Partial
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.
853 CVE-1999-0668 Exec Code 1999-08-21 2021-07-22
5.1
None Remote High Not required Partial Partial Partial
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
854 CVE-1999-0582 1997-01-01 2008-09-09
5.0
None Remote Low Not required None None Partial
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.
855 CVE-1999-0469 1999-04-01 2021-07-22
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.
856 CVE-1999-0448 1999-01-01 2008-09-09
5.0
None Remote Low Not required Partial None None
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
857 CVE-1999-0444 DoS 1999-04-12 2008-09-09
5.0
None Remote Low Not required None None Partial
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.
858 CVE-1999-0386 1999-03-01 2018-10-12
5.0
None Remote Low Not required Partial None None
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
859 CVE-1999-0357 DoS 1999-01-25 2008-09-09
5.0
None Remote Low Not required None None Partial
Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets.
860 CVE-1999-0348 200 +Info 1999-01-27 2018-08-13
5.0
None Remote Low Not required Partial None None
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.
861 CVE-1999-0294 DoS 1997-10-01 2008-09-09
5.0
None Remote Low Not required None None Partial
All records in a WINS database can be deleted through SNMP for a denial of service.
862 CVE-1999-0292 DoS 1997-04-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service through Winpopup using large user names.
863 CVE-1999-0288 DoS 1998-08-01 2018-05-03
5.0
None Remote Low Not required None None Partial
The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.
864 CVE-1999-0281 DoS 1997-06-01 2020-11-23
5.0
None Remote Low Not required None None Partial
Denial of service in IIS using long URLs.
865 CVE-1999-0278 1998-06-01 2018-10-12
5.0
None Remote Low Not required Partial None None
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
866 CVE-1999-0275 DoS 1997-06-10 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.
867 CVE-1999-0274 DoS 1997-01-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.
868 CVE-1999-0258 DoS 1998-02-13 2008-09-09
5.0
None Remote Low Not required None None Partial
Bonk variation of teardrop IP fragmentation denial of service.
869 CVE-1999-0229 DoS 1999-05-12 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in Windows NT IIS server using ..\..
870 CVE-1999-0228 DoS 1997-02-07 2018-08-13
5.0
None Remote Low Not required None None Partial
Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.
871 CVE-1999-0227 264 DoS 1997-06-01 2018-08-13
5.0
None Remote Low Not required None None Partial
Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.
872 CVE-1999-0225 DoS 1998-02-14 2008-09-09
5.0
None Remote Low Not required None None Partial
Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.
873 CVE-1999-0224 DoS 1999-07-23 2008-09-09
5.0
None Remote Low Not required Partial None None
Denial of service in Windows NT messenger service through a long username.
874 CVE-1999-0179 17 Exec Code 1997-01-01 2018-08-13
5.0
None Remote Low Not required None None Partial
Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share.
875 CVE-1999-0154 1999-12-31 2020-11-23
5.0
None Remote Low Not required Partial None None
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
876 CVE-1999-0153 DoS 1997-07-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.
877 CVE-1999-0140 DoS 1999-06-30 2008-09-05
5.0
None Remote Low Not required None None Partial
Denial of service in RAS/PPTP on NT systems.
878 CVE-1999-0104 DoS 1997-12-16 2018-08-22
5.0
None Remote Low Not required None None Partial
A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.
879 CVE-1999-0077 1995-01-01 2017-10-10
5.0
None Remote Low Not required Partial None None
Predictable TCP sequence numbers allow spoofing.
880 CVE-1999-0016 DoS 1997-12-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Land IP denial of service.
881 CVE-1999-0015 DoS 1997-12-16 2018-05-03
5.0
None Remote Low Not required None None Partial
Teardrop IP denial of service.
882 CVE-1999-0012 Bypass 1998-02-06 2008-09-09
5.0
None Remote Low Not required Partial None None
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
883 CVE-1999-0007 327 1998-06-26 2020-04-02
5.0
None Remote Low Not required Partial None None
Information from SSL-encrypted sessions via PKCS #1.
Total number of vulnerabilities : 883   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.