Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 1999-02-19 | CVE-1999-0412 | Unspecified vulnerability in Microsoft products In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. | 7.5 |
| 1999-01-30 | CVE-1999-0360 | Unspecified vulnerability in Microsoft Site Server 2.0 MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. | 7.2 |
| 1999-01-26 | CVE-1999-0450 | Unspecified vulnerability in Microsoft products In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). | 7.5 |
| 1999-01-26 | CVE-1999-0449 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. | 7.8 |
| 1999-01-05 | CVE-1999-0391 | Unspecified vulnerability in Microsoft Terminal Server, Windows 2000 and Windows NT The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. | 7.5 |
| 1999-01-01 | CVE-1999-0549 | Unspecified vulnerability in Microsoft Windows NT Windows NT automatically logs in an administrator upon rebooting. | 7.2 |
| 1998-10-01 | CVE-1999-0506 | Unspecified vulnerability in Microsoft Windows 2000 and Windows NT A Windows NT domain user or administrator account has a default, null, blank, or missing password. | 7.2 |
| 1998-10-01 | CVE-1999-0505 | Unspecified vulnerability in Microsoft Windows 2000 and Windows NT A Windows NT domain user or administrator account has a guessable password. | 7.2 |
| 1998-06-29 | CVE-1999-1556 | Unspecified vulnerability in Microsoft SQL Server 6.5 Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value. | 7.2 |
| 1998-04-01 | CVE-1999-0537 | A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. | 7.5 |