| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. |
| Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3. |
| Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value. |
| Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program. |
| Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. |
| The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands. |
| Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function. |
| Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands. |
| NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request." |
| The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. |
| FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. |
| Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. |
| Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing. |
| IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. |
| Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. |
| IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. |
| Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link. |
| Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post. |
| Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability". |
| Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port. |
