| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in NetMeeting allows denial of service and remote command execution. |
| Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message. |
| Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. |
| In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. |
| The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. |
| Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. |
| By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. |
| Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. |
| A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. |
| Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. |
| IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. |
| Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. |
| Denial of service in Windows NT messenger service through a long username. |
| Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. |
| IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. |
| Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. |
| In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. |
| Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
