Export limit exceeded: 24923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-0244 | 1 Microsoft | 1 Index Server | 2026-04-16 | N/A |
| Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter. | ||||
| CVE-2001-0245 | 1 Microsoft | 2 Index Server, Indexing Service | 2026-04-16 | N/A |
| Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability. | ||||
| CVE-2001-0083 | 1 Microsoft | 1 Windows Media Services | 2026-04-16 | N/A |
| Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability. | ||||
| CVE-2001-0089 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability. | ||||
| CVE-2001-0090 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability. | ||||
| CVE-2001-0092 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability. | ||||
| CVE-2001-0096 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. | ||||
| CVE-2001-0152 | 1 Microsoft | 1 Plus | 2026-04-16 | N/A |
| The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders. | ||||
| CVE-2001-0153 | 1 Microsoft | 2 Visual Basic, Visual Studio | 2026-04-16 | N/A |
| Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands. | ||||
| CVE-2001-0162 | 1 Microsoft | 1 Windows Embedded Compact | 2026-04-16 | N/A |
| WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. | ||||
| CVE-2000-1218 | 1 Microsoft | 5 Windows 2000, Windows 98, Windows 98se and 2 more | 2026-04-16 | 9.8 Critical |
| The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache. | ||||
| CVE-2001-0004 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. | ||||
| CVE-2001-0005 | 1 Microsoft | 1 Powerpoint | 2026-04-16 | N/A |
| Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands. | ||||
| CVE-2001-0017 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability. | ||||
| CVE-2000-1209 | 2 Compaq, Microsoft | 4 Insight Manager, Insight Manager Xe, Data Engine and 1 more | 2026-04-16 | N/A |
| The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida. | ||||
| CVE-2000-1082 | 1 Microsoft | 2 Data Engine, Sql Server | 2026-04-16 | N/A |
| The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | ||||
| CVE-2000-1083 | 1 Microsoft | 2 Data Engine, Sql Server | 2026-04-16 | N/A |
| The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | ||||
| CVE-2000-1084 | 1 Microsoft | 2 Data Engine, Sql Server | 2026-04-16 | N/A |
| The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | ||||
| CVE-2000-1085 | 1 Microsoft | 2 Data Engine, Sql Server | 2026-04-16 | N/A |
| The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | ||||
| CVE-2000-1086 | 1 Microsoft | 2 Data Engine, Sql Server | 2026-04-16 | N/A |
| The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | ||||