Total
1352 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2120 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
|
|||||
| CVE-2006-1591 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.
|
|||||
| CVE-2002-1325 | 1 Microsoft | 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."
|
|||||
| CVE-2005-0551 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
|
|||||
| CVE-2003-0909 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 7.2 HIGH | N/A |
|
Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability."
|
|||||
| CVE-2004-0894 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.2 HIGH | N/A |
|
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
|
|||||
| CVE-2005-2122 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
|
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
|
|||||
| CVE-2002-0863 | 1 Microsoft | 5 .net Windows Server, Windows 2000, Windows 2000 Terminal Services and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
|
|||||
| CVE-2005-4360 | 1 Microsoft | 2 Internet Information Services, Windows Xp | 2025-04-03 | 7.8 HIGH | N/A |
|
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
|
|||||
| CVE-2004-2527 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 5.4 MEDIUM | N/A |
|
The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
|
|||||
| CVE-2005-0954 | 1 Microsoft | 3 Internet Explorer, Windows Explorer, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file.
|
|||||
| CVE-2005-1984 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
|
|||||
| CVE-2005-1649 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
|
|||||
| CVE-2004-0208 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
|
|||||
| CVE-2006-0012 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
|
|||||
| CVE-2006-2334 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
|
The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
|
|||||
| CVE-2006-0006 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2025-04-03 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
|
|||||
| CVE-2004-0839 | 3 Avaya, Microsoft, Nortel | 18 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 15 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
|
|||||
| CVE-2006-1475 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
|
Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file.
|
|||||
| CVE-2005-0053 | 1 Microsoft | 8 Ie, Internet Explorer, Windows 2000 and 5 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
|
|||||
| CVE-2006-0023 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already requi ...
Show More |
|||||
| CVE-2003-0719 | 1 Microsoft | 7 Netmeeting, Windows 2000, Windows 2003 Server and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
|
|||||
| CVE-2020-7485 | 2 Microsoft, Schneider-electric | 4 Windows 7, Windows Nt, Windows Xp and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1
|
|||||
| CVE-2020-7484 | 2 Microsoft, Schneider-electric | 4 Windows 7, Windows Nt, Windows Xp and 1 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.
|
|||||
| CVE-2020-7483 | 2 Microsoft, Schneider-electric | 4 Windows 7, Windows Nt, Windows Xp and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 an ...
Show More |
|||||
| CVE-2019-5620 | 2 Hitachienergy, Microsoft | 3 Microscada Pro Sys600, Windows 7, Windows Xp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.
|
|||||
| CVE-2019-1489 | 1 Microsoft | 1 Windows Xp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote Desktop Protocol Information Disclosure Vulnerability'.
|
|||||
| CVE-2018-5457 | 2 Microsoft, Vyaire | 2 Windows Xp, Carefusion Upgrade Utility | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.
|
|||||
| CVE-2017-14010 | 2 Microsoft, Spidercontrol | 6 Windows 10, Windows 7, Windows 8 and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.
|
|||||
| CVE-2014-9748 | 3 Libuv, Microsoft, Nodejs | 4 Libuv, Windows Server 2003, Windows Xp and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.
|
|||||
| CVE-2012-5364 | 1 Microsoft | 4 Windows 7, Windows Server 2003, Windows Vista and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
|
|||||
| CVE-2012-5362 | 1 Microsoft | 4 Windows 7, Windows Server 2003, Windows Vista and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669.
|
|||||