| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords. |
| Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. |
| The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. |
| The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. |
| Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands. |
| Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL. |
| Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script. |
| Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. |
| After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. |
| A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. |
| A system does not present an appropriate legal message or warning to a user who is accessing it. |
| A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. |
| A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. |
| Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. |
| In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. |
| Remote command execution in Microsoft Internet Explorer using .lnk and .url files. |
| Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command. |
| The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. |
| The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. |
| Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters. |