Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
1998-10-01 CVE-1999-0506 Local Security vulnerability in Microsoft Windows 2000 and Windows NT
A Windows NT domain user or administrator account has a default, null, blank, or missing password.
local
low complexity
microsoft
7.2
1998-10-01 CVE-1999-0505 Local Security vulnerability in Microsoft Windows 2000 and Windows NT
A Windows NT domain user or administrator account has a guessable password.
local
low complexity
microsoft
7.2
1998-09-29 CVE-1999-0969 Unspecified vulnerability in Microsoft Windows NT 4.0
The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.
network
low complexity
microsoft
5.0
1998-09-04 CVE-1999-0871 Unspecified vulnerability in Microsoft Internet Explorer 4.0/4.0.1
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.
network
high complexity
microsoft
2.6
1998-08-01 CVE-1999-0344 Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows NT 3.5.1/4.0
NT users can gain debug-level access on a system process using the Sechole exploit.
local
low complexity
microsoft CWE-264
7.2
1998-08-01 CVE-1999-0288 Unspecified vulnerability in Microsoft Windows NT 4.0
The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.
network
low complexity
microsoft
5.0
1998-07-28 CVE-1999-1447 Unspecified vulnerability in Microsoft Internet Explorer 4.0
Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag.
network
low complexity
microsoft
5.0
1998-06-29 CVE-1999-1556 Unspecified vulnerability in Microsoft SQL Server 6.5
Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.
local
low complexity
microsoft
7.2
1998-06-26 CVE-1999-0007 USE of A Broken OR Risky Cryptographic Algorithm vulnerability in multiple products
Information from SSL-encrypted sessions via PKCS #1.
network
low complexity
c2net hp microsoft netscape ssleay CWE-327
5.0
1998-06-01 CVE-1999-0278 Unspecified vulnerability in Microsoft Internet Information Server and Windows NT
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
network
low complexity
microsoft
5.0