Lucene search

K
MicrosoftWindows Nt

252 matches found

CVE
CVE
added 2003/04/02 5:0 a.m.981 views

CVE-2002-0367

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

7.8CVSS8.9AI score0.01396EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.971 views

CVE-2004-0210

The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.

7.8CVSS7.3AI score0.0633EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.652 views

CVE-1999-0519

A NETBIOS/SMB share password is the default, null, or missing.

7.5CVSS6.8AI score0.08661EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.479 views

CVE-2000-1200

Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.

5CVSS6.6AI score0.20495EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.378 views

CVE-1999-0511

IP forwarding is enabled on a machine which is not a router or firewall.

7.5CVSS6.8AI score0.0596EPSS
CVE
CVE
added 2003/08/18 4:0 a.m.204 views

CVE-2003-0352

Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.

7.5CVSS7.5AI score0.89814EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.202 views

CVE-2003-0533

Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute a...

7.5CVSS7.8AI score0.8878EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.148 views

CVE-2002-1561

The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.

5CVSS6.6AI score0.60671EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.137 views

CVE-1999-0505

A Windows NT domain user or administrator account has a guessable password.

7.2CVSS6.7AI score0.00683EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.135 views

CVE-1999-0506

A Windows NT domain user or administrator account has a default, null, blank, or missing password.

7.2CVSS6.7AI score0.07551EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.121 views

CVE-1999-0016

Land IP denial of service.

5CVSS6.6AI score0.72572EPSS
CVE
CVE
added 2006/01/10 10:3 p.m.121 views

CVE-2006-0010

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overf...

9.3CVSS7.7AI score0.67399EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.116 views

CVE-1999-0077

Predictable TCP sequence numbers allow spoofing.

5CVSS6.4AI score0.15621EPSS
CVE
CVE
added 2006/03/03 11:2 a.m.104 views

CVE-2006-0988

The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of ...

7.8CVSS6.8AI score0.69541EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.100 views

CVE-1999-0535

A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.

10CVSS7.6AI score0.11702EPSS
CVE
CVE
added 2003/09/17 4:0 a.m.99 views

CVE-2003-0528

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.

10CVSS7.8AI score0.89814EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.96 views

CVE-2004-0574

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an...

10CVSS7.7AI score0.85365EPSS
CVE
CVE
added 2004/03/03 5:0 a.m.94 views

CVE-2003-0818

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause...

7.5CVSS7.4AI score0.89651EPSS
CVE
CVE
added 2003/09/17 4:0 a.m.93 views

CVE-2003-0715

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaste...

10CVSS7.7AI score0.89814EPSS
CVE
CVE
added 2002/10/04 4:0 a.m.90 views

CVE-2002-0862

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constrai...

6.8CVSS6.3AI score0.20154EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.89 views

CVE-2004-0900

The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."

10CVSS7.5AI score0.41495EPSS
CVE
CVE
added 2000/06/01 4:0 a.m.88 views

CVE-1999-0590

A system does not present an appropriate legal message or warning to a user who is accessing it.

10CVSS6.9AI score0.10292EPSS
CVE
CVE
added 2002/03/08 5:0 a.m.88 views

CVE-2002-0053

Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and ot...

7.5CVSS7.8AI score0.63395EPSS
CVE
CVE
added 2003/10/20 4:0 a.m.88 views

CVE-2003-0661

The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.

5CVSS6.3AI score0.238EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.81 views

CVE-2002-0391

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

10CVSS9.9AI score0.0457EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.79 views

CVE-1999-0499

NETBIOS share information may be published through SNMP registry keys in NT.

7.5CVSS6.5AI score0.04001EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.78 views

CVE-2004-1049

Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."

5.1CVSS7.7AI score0.44287EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.77 views

CVE-2003-0906

Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.

7.6CVSS7.9AI score0.45302EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.76 views

CVE-1999-0015

Teardrop IP denial of service.

5CVSS6.8AI score0.25851EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.76 views

CVE-1999-0119

Windows NT 4.0 beta allows users to read and delete shares.

10CVSS6.8AI score0.11702EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.76 views

CVE-1999-0503

A Windows NT local user or administrator account has a guessable password.

7.2CVSS6.5AI score0.00644EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.76 views

CVE-1999-0504

A Windows NT local user or administrator account has a default, null, blank, or missing password.

7.5CVSS6.2AI score0.35999EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.76 views

CVE-2004-0212

Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonym...

10CVSS7.7AI score0.79934EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.75 views

CVE-1999-0256

Buffer overflow in War FTP allows remote execution of commands.

7.5CVSS7.1AI score0.83285EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.75 views

CVE-2000-0673

The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.

5CVSS6.7AI score0.17327EPSS
CVE
CVE
added 2005/04/21 4:0 a.m.75 views

CVE-2000-1218

The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.

9.8CVSS7AI score0.02221EPSS
CVE
CVE
added 2003/11/17 5:0 a.m.75 views

CVE-2003-0717

The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

7.5CVSS7.9AI score0.79831EPSS
CVE
CVE
added 2002/09/24 4:0 a.m.74 views

CVE-2002-0724

Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buff...

7.5CVSS6.5AI score0.40265EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.73 views

CVE-1999-0391

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

7.5CVSS7.1AI score0.03809EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.73 views

CVE-2002-1257

Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.

10CVSS7.4AI score0.07885EPSS
CVE
CVE
added 2000/07/01 4:0 a.m.72 views

CVE-1999-0585

A Windows NT administrator account has the default name of Administrator.

2.1CVSS7AI score0.00751EPSS
CVE
CVE
added 2003/08/18 4:0 a.m.72 views

CVE-2003-0345

Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.

7.5CVSS8.1AI score0.46218EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.72 views

CVE-2004-0201

Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.

10CVSS7.8AI score0.70948EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.72 views

CVE-2004-0571

Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.

10CVSS7.6AI score0.26517EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.71 views

CVE-2003-0806

Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.

7.5CVSS7.9AI score0.491EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.71 views

CVE-2003-0825

The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.

9.3CVSS7.2AI score0.46066EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.71 views

CVE-2004-0206

Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," poss...

7.5CVSS7.5AI score0.80399EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.71 views

CVE-2004-0901

Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different...

10CVSS7.5AI score0.26517EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.70 views

CVE-1999-0918

Denial of service in various Windows systems via malformed, fragmented IGMP packets.

7.8CVSS6.6AI score0.34126EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.70 views

CVE-2002-0018

In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by inj...

10CVSS6.7AI score0.36037EPSS
Total number of security vulnerabilities252