The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability.
Max CVSS
7.6
EPSS Score
26.99%
Published
1999-11-12
Updated
2018-10-12
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
Max CVSS
5.1
EPSS Score
1.94%
Published
1999-11-11
Updated
2021-07-22
Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.
Max CVSS
5.0
EPSS Score
2.86%
Published
1999-08-24
Updated
2018-10-12
Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability.
Max CVSS
7.6
EPSS Score
0.30%
Published
1999-10-21
Updated
2018-10-12
The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability.
Max CVSS
7.2
EPSS Score
0.08%
Published
1999-08-20
Updated
2018-10-12
The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.
Max CVSS
7.6
EPSS Score
1.28%
Published
1999-07-28
Updated
2018-10-15
FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack.
Max CVSS
5.0
EPSS Score
71.23%
Published
1999-03-26
Updated
2008-09-10
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.
Max CVSS
7.2
EPSS Score
0.05%
Published
1999-12-29
Updated
2018-10-12
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.
Max CVSS
5.0
EPSS Score
0.38%
Published
1999-11-17
Updated
2018-10-12
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
Max CVSS
5.0
EPSS Score
0.46%
Published
1999-12-22
Updated
2018-10-12
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
Max CVSS
5.0
EPSS Score
1.53%
Published
1999-12-21
Updated
2018-10-12
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
Max CVSS
6.4
EPSS Score
0.89%
Published
1999-12-21
Updated
2018-10-12
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.
Max CVSS
7.5
EPSS Score
9.56%
Published
1999-12-31
Updated
2008-09-05
Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.
Max CVSS
5.1
EPSS Score
0.21%
Published
1999-09-24
Updated
2021-07-22
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.
Max CVSS
5.1
EPSS Score
0.50%
Published
1999-10-31
Updated
2021-07-22
The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.
Max CVSS
5.1
EPSS Score
1.25%
Published
1999-09-10
Updated
2021-07-22
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.
Max CVSS
5.0
EPSS Score
7.35%
Published
1999-01-24
Updated
2016-10-18
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.
Max CVSS
5.0
EPSS Score
0.86%
Published
1999-07-07
Updated
2017-10-10
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.
Max CVSS
5.0
EPSS Score
0.72%
Published
1999-05-11
Updated
2017-10-10
Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured.
Max CVSS
7.5
EPSS Score
0.29%
Published
1999-09-24
Updated
2017-12-19
The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
Max CVSS
5.0
EPSS Score
89.52%
Published
1999-07-06
Updated
2017-10-10
PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer.
Max CVSS
7.5
EPSS Score
1.40%
Published
1999-12-31
Updated
2017-12-19
When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."
Max CVSS
5.0
EPSS Score
0.49%
Published
1999-12-31
Updated
2021-07-22
Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.
Max CVSS
5.0
EPSS Score
2.43%
Published
1999-12-31
Updated
2021-07-22
RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.
Max CVSS
7.5
EPSS Score
2.80%
Published
1999-12-31
Updated
2017-10-10
154 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!