460 matches found
CVE-1999-0519
CVE-1999-0519 describes a Windows SMB/NETBIOS issue where a share password is default, null, or missing, enabling NULL session authentication bypass. Public sources (NVD, Red Hat, SUSE, OpenVAS/Nessus entries) consistently describe an authentication bypass risk tied to SMB/NETBIOS NULL sessions. ...
CVE-1999-0511
CVE-1999-0511 covers IP forwarding being enabled on a host that is not a router or firewall. Multiple connected sources confirm this condition and document remediation: disable IP forwarding (e.g., sysctl net.ipv4.ip_forward and related settings) and reboot where applicable. IBM bulletin notes a ...
CVE-2003-0001
The CVE-2003-0001 issue, known as Etherleak, is an information-disclosure vulnerability caused by NIC/device drivers not padding Ethernet frames with null bytes, allowing an adjacent attacker to glimpse memory content from previously transmitted packets. Connected documents show this vulnerabilit...
CVE-2003-0352
CVE-2003-0352 describes a buffer overflow vulnerability in the DCOM RPC interface (RPCSS) of Windows NT 4.0 SP3-6a, Windows 2000, XP, and Server 2003. The issue is a stack/heap buffer overflow triggered by a malformed DCERPC DCOM object activation request with modified length fields, allowing rem...
CVE-2003-0533
The CVE-2003-0533 issue is a stack-based buffer overflow in LSASS (LSASRV.DLL) affecting multiple Windows platforms (NT 4.0 SP6a, 2000 SP2–SP4, XP SP1, Server 2003) and related products. The underlying flaw is in the DS RolerUpgradeDownlevelServer function invoked via DCERPC, which can cause an o...
CVE-2009-2493
CVE-2009-2493 : Microsoft’s ATL vulnerability enables remote code execution when a user loads a specially crafted component/control hosted on a malicious page. The issue is described in MS09-037 (ATL vulnerabilities) and is addressed by Microsoft security bulletin updates; affected products inclu...
CVE-2010-0480
CVE-2010-0480 is a remote code execution vulnerability in Microsoft MPEG Layer-3 codecs. The issue arises from multiple stack-based buffer overflows in the MPEG Layer-3 audio decoders (l3codecx.ax and related ACM codecs) when processing crafted AVI files, affecting Windows 2000 SP4, XP SP2/SP3, S...
CVE-2008-4114
The CVE-2008-4114 issue affects the Windows SMB SRV.SYS driver (WriteAndX handling) across multiple Windows platforms (Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista Gold/SP1, Server 2008). The vulnerability arises from insufficient validation of the SMB WRITE_ANDX DataOffset, which can...
CVE-2006-3439
CVE-2006-3439 is a buffer overflow in the Server Service (SRVSVC) RPC interface that can be triggered by malformed parameters to SRVSVC API functions, enabling remote code execution on affected Windows versions. Public context from connected docs shows exploits and disclosures tied to MS06-040, a...
CVE-1999-0506
CVE-1999-0506 affects Windows NT domain accounts with a default, null, blank, or missing password. The included sources confirm the issue as a weak-password scenario enabling logins when no proper credentials are configured, with related references noting blank administrator passwords and weak cr...
CVE-2002-1561
The CVE-2002-1561 issue affects the Windows RPC service stack (RPC Endpoint Mapper) on Windows 2000, NT 4.0, and XP. A malformed packet to TCP 135 can trigger a NULL pointer dereference in the RPC Endpoint Mapper, causing the RPC service to terminate and resulting in a denial of service for RPC-b...
CVE-2009-0086
CVE-2009-0086 describes an integer underflow in Windows HTTP Services (WinHTTP) that allows remote code execution when a remote server sends crafted values in a response. The vulnerability affects multiple Windows versions, including Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista (Gold/...
CVE-1999-0505
CVE-1999-0505 affects Windows NT domain accounts where a guessable password enables local access. The NVD entry lists a LOCAL attack vector with LOW complexity, and NULL authentication, yielding complete confidentiality, integrity, and availability impact. Connected Red Hat/NVD records reiterate ...
CVE-2010-0268
CVE-2010-0268 describes a remote code execution vulnerability in the Windows Media Player ActiveX control (Windows Media Player 9 Series) on Windows 2000 SP4 and Windows XP SP2/SP3. The issue arises because the ActiveX control incorrectly handles specially crafted media content hosted on a malici...
CVE-2010-0028
CVE-2010-0028 is a remote code execution vulnerability in Microsoft Paint caused by an integer/heap overflow while decoding JPEG images. Affected software includes Windows 2000 SP4, Windows XP SP2/SP3, and Windows Server 2003 SP2 (Paint decode path). Microsoft released MS10-005 to address the fla...
CVE-2010-0231
CVE-2010-0231 involves the SMB server’s NTLM authentication on Windows 2000/XP/2003/Vista/Server 2008/7 where insufficient entropy in server-generated challenges (duplicate NTLM nonces) allows remote attackers to access files and SMB resources after many authentication requests. Root cause: weak ...
CVE-2010-0020
CVE-2010-0020 concerns a flaw in the SMB server implementation of Windows: the Server service fails to validate request fields, enabling a remote authenticated user to execute arbitrary code via a malformed SMB request. Affected platforms include Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vis...
CVE-2008-4834
CVE-2008-4834 corresponds to a buffer overflow in the Server service of Microsoft Windows SMB handling. Affected products include Windows 2000 SP4, XP SP2/SP3, and Windows Server 2003 SP1/SP2. The root cause is improper validation of SMB NT Trans request data, allowing remote attackers to craft m...
CVE-2006-7210
The CVE-2006-7210 entry relates to Microsoft Windows 2000, XP, and Server 2003 where remote attackers can trigger a DoS (CPU consumption) by viewing a crafted PNG image that abuses the IHDR block (specifics: crafted Width and Height values). The vulnerability affects the PNG image handling path i...
CVE-2008-4835
CVE-2008-4835 affects Microsoft Windows SMB Server service across Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista SP1/Gold, and Server 2008. The root cause is insufficient validation of buffer size for malformed values inside NT Trans2 SMB requests, enabling remote code execution. The vu...
CVE-2005-0356
CVE-2005-0356 affects F5 BIG-IP BIG-IP LTM 9.0.0–9.0.5; other listed BIG-IP lines are not affected (e.g., 9.1.x, 9.2.x, 9.3.x, 9.4.x, 9.6.x are Not Affected). The issue is described as inadequate validation for TCP segments with PAWS/timestamps, enabling a remote attacker to cause a denial of ser...
CVE-2006-0010
CVE-2006-0010 describes a heap-based buffer overflow in T2EMBED.DLL on Windows platforms (Windows 98/ME, Windows 2000 SP4, Windows XP SP1/SP2, Windows Server 2003 up to SP1). The overflow is triggered while Windows decompresses Embedded Open Type (EOT) fonts referenced by web pages or email, allo...
CVE-2003-0605
The CVE-2003-0605 issue affects the Microsoft Windows RPCSS DCOM interface, specifically on Windows 2000 Server/Workstation with SP3/SP4. A denial-of-service vulnerability can be triggered by crafted messages to the __RemoteGetClassObject interface that cause a NULL pointer in PerformScmStage, en...
CVE-2003-0109
CVE-2003-0109 is a remote code execution flaw caused by a buffer overflow in the Windows NTDLL.DLL when processing a WebDAV request to IIS 5.0. The vulnerability affects Windows NT 4.0/Terminal Server, Windows 2000, and Windows XP, with confirmed exploit examples and public PoCs (e.g., MS03-007) ...
CVE-2009-2507
CVE-2009-2507 describes a remote code execution via an ActiveX control in the Microsoft Windows Indexing Service. The vulnerability arises because the Indexing Service ActiveX component does not properly handle specially crafted URLs, enabling a remote attacker to load/execute arbitrary code on a...
CVE-2009-0090
CVE-2009-0090 corresponds to a high-severity remote code execution vulnerability in Microsoft .NET Framework. The issue arises because .NET Framework versions 1.0 SP3, 1.1 SP1 and 2.0 SP1 do not properly validate verifiable code, enabling a remote attacker to execute arbitrary code and read stack...
CVE-2004-0790
CVE-2004-0790 describes a denial-of-service condition caused by spoofed ICMP error messages that disrupt TCP connections. In published connected materials, the vulnerability is tied to BIG-IP products, notably FastL4 accelerated virtual servers on ePVA-equipped platforms (e.g., VIPRION blades and...
CVE-2006-6296
The CVE-2006-6296 issue affects the Windows Print Spooler (SPOOLSS) via the RpcGetPrinterData function in spoolsv.exe. A remote attacker can trigger a denial of service by sending a crafted RPC request with a large output buffer size, causing memory consumption on affected systems. Affected produ...
CVE-2010-0022
CVE-2010-0022 is part of the SMB server NTLM vulnerabilities addressed by Microsoft MS10-012. The XP/2000/2003/Vista/2008/7 SMB server implementation fails to properly validate shared/servername fields in SMB packets, allowing remote attackers to cause a denial of service (system hang) via a craf...
CVE-2006-0988
CVE-2006-0988 : The default configuration of the DNS Server on Windows Server 2003/2000 and Microsoft DNS Server on Windows NT 4.0 permits recursive queries and reveals delegation information to arbitrary IPs, enabling remote attackers to cause a denial of service (traffic amplification) via spoo...
CVE-2010-0021
CVE-2010-0021 is part of the MS10-012 set of SMB server vulnerabilities affecting Windows Vista/Windows Server 2008/Windows 7 and related Server roles. The issue arises from race conditions in the SMB Server service during Negotiate handling (SMBv1/v2), allowing remote attackers to trigger a deni...
CVE-2003-0528
Technical details for CVE-2003-0528 are not publicly provided in the supplied documents. Monitor for updates from official advisories; related CVEs (e.g., CVE-2003-0352) are discussed but do not specify 0528 specifics.
CVE-2003-0661
The CVE-2003-0661 entry concerns the NetBIOS NBNS information disclosure vulnerability in Windows NT 4.0, 2000, XP, and Server 2003. The NBNS response may leak random memory contents from the target, potentially revealing sensitive data to remote attackers. Public details across connected documen...
CVE-1999-0499
CVE-1999-0499 describes exposure of NETBIOS share information in Windows NT by publishing it through SNMP registry keys. Connected sources (Red Hat advisory; Nessus LANMAN disclosures) confirm information disclosure via SNMP OIDs for LanMan services/shares/users, enabling an attacker to learn tar...
CVE-2003-0822
Affected software : Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002. Vulnerability : a buffer overflow in the debug functionality of fp30reg.dll (MS03-051) that can be triggered via a crafted chunked-encoded request, allowing remote code execution. Impact : remote attacker could execut...
CVE-1999-0535
CVE-1999-0535 affects Windows NT password policy settings. The connected records consistently describe a vulnerability where the account policy for passwords allows insecure configurations (e.g., inadequate minimum length, inappropriate password age, and lack of uniqueness), leading to potential ...
CVE-2004-0120
CVE-2004-0120 is a denial-of-service vulnerability in the Microsoft SSL library used by Windows 2000, Windows XP, and Windows Server 2003. A specially crafted malformed SSL message could cause the system to stop accepting SSL connections (Windows 2000/XP) or, on Windows Server 2003, to automatica...
CVE-2009-0550
CVE-2009-0550 impacts Windows HTTP Services (WinHTTP) and WinINet used by Internet Explorer, on Windows 2000 SP4, XP SP2/SP3, Server 2003, Vista, and Server 2008; the vulnerability allows an attacker-controlled remote web server to capture NTLM credentials and replay them, and to execute arbitrar...
CVE-2003-0818
CVE-2003-0818 covers a heap-based overflow in the Microsoft ASN.1 library (MSASN1.DLL) used by Windows components (LSASS.EXE, CRYPT32.DLL) on Windows NT 4.0/2000/XP. The vulnerability affects BER decoding of ASN.1 data, with two vectors: (1) very large length fields overwriting heap data, and (2)...
CVE-2009-2497
CVE-2009-2497 covers a Microsoft CLR vulnerability in .NET Framework 2.0–3.5 SP1 and Silverlight 2 where the CLR mishandles interfaces, enabling remote code execution via XBAPs, Silverlight, ASP.NET, or .NET applications. Connected docs confirm Microsoft issued MS09-061 to address three related v...
CVE-2009-2510
Technical details for CVE-2009-2510 are not publicly provided in the connected documents. Please monitor for updates.
CVE-2009-0091
CVE-2009-0091 is a Microsoft .NET Framework Type Verification Vulnerability. The issue involves .NET Framework 2.0, 2.0 SP1, and 3.5 where a type-equality check in verifiable code could be bypassed, allowing remote code execution via crafted XBAP, ASP.NET, or .NET Framework applications. Public d...
CVE-2002-2132
CVE-2002-2132 concerns Windows File Protection (WFP) in Windows 2000 and XP. The vulnerability arises because WFP does not remove old security catalog (.CAT) files, enabling local attackers to replace legitimate, updated files with older, vulnerable versions that still have valid hash codes. The ...
CVE-2007-1748
This CVE refers to a stack-based buffer overflow in the Microsoft DNS Server RPC interface (DnssrvQuery) that can be triggered by a long zone name containing escape sequences, leading to remote code execution. Affected products include Windows 2000 Server and Windows Server 2003 (SP1/SP2). The un...
CVE-2005-2117
CVE-2005-2117 refers to a remote code execution vulnerability in the Windows Shell Web View script injection. The issue arises in Web View in Windows Explorer when previewing files, where certain HTML characters in preview fields can be crafted to execute arbitrary code on affected systems. Affec...
CVE-1999-0503
CVE-1999-0503 concerns a Windows NT local user or administrator account with a guessable password. Connected sources corroborate that the issue enables basic local account compromise due to weak credentials (no explicit patch/version details provided in the documents). CVSS metrics in the initial...
CVE-1999-0590
Technical details are not publicly available in the provided documents for CVE-1999-0590; no affected products, versions, impact, or remediation are specified. Monitor for updates from the connected sources.
CVE-2007-0038
CVE-2007-0038 is a stack-based buffer overflow in Windows’ animated cursor handling (LoadAniIcon) affecting Windows 2000 SP4 through Vista, triggered by malformed RIFF ANI/cur/ico files and causing memory corruption in cursor/icon processing. A remote attacker could execute arbitrary code or caus...
CVE-2003-0715
CVE-2003-0715 describes a heap-based buffer overflow in the Windows RPCSS DCOM interface that can be triggered by a malformed DCERPC DCOM object activation request with modified length fields, enabling remote code execution. Affected: Windows NT 4.0 SPx, 2000, XP, and Server 2003 (DCOM RPC interf...
CVE-2007-0843
CVE-2007-0843 concerns the ReadDirectoryChangesW API on Windows 2000/XP/2003/Vista. The vulnerability arises because ReadDirectoryChangesW does not check the caller’s permissions for child directories, allowing a user with LIST access to a parent folder to monitor and infer information about file...