| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request. |
| The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider. |
| Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability. |
| Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. |
| The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files. |
| Denial of service in various Windows systems via malformed, fragmented IGMP packets. |
| Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request. |
| IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. |
| The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. |
| In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). |
| Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. |
| Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client. |
| The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files. |
| Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability. |
| MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. |
| MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag. |
| A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. |
| NETBIOS share information may be published through SNMP registry keys in NT. |
| A Windows NT local user or administrator account has a guessable password. |
| A Windows NT local user or administrator account has a default, null, blank, or missing password. |