Microsoft Windows NT

252 matches found

added 2000/06/02 4:00 a.m. | 54 views

CVE-2000-0328

Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.

CVSS 5 | AI score 7.5 | EPSS 0.2262

added 2002/06/25 4:00 a.m. | 54 views

CVE-2002-0070

Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.

CVSS 7.6 | AI score 7.7 | EPSS 0.26114

added 2004/09/01 4:00 a.m. | 54 views

CVE-2002-0694

The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execut...

CVSS 7.5 | AI score 7.5 | EPSS 0.28961

added 2003/11/17 5:00 a.m. | 54 views

CVE-2003-0659

Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.

CVSS 7.2 | AI score 7.3 | EPSS 0.03659

added 2005/01/10 5:00 a.m. | 54 views

CVE-2004-0893

The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."

CVSS 7.2 | AI score 6.6 | EPSS 0.01018

added 1999/09/29 4:00 a.m. | 53 views

CVE-1999-0372

The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.

CVSS 2.1 | AI score 7 | EPSS 0.04752

added 2000/02/04 5:00 a.m. | 53 views

CVE-1999-0444

Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.

CVSS 5 | AI score 7.1 | EPSS 0.07277

added 2000/02/04 5:00 a.m. | 53 views

CVE-1999-0546

The Windows NT guest account is enabled.

CVSS 4.6 | AI score 6.8 | EPSS 0.00472

added 2002/03/09 5:00 a.m. | 53 views

CVE-2001-0663

Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets.

CVSS 5 | AI score 6.7 | EPSS 0.2305

added 2003/06/09 4:00 a.m. | 53 views

CVE-2003-0227

The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a c...

CVSS 5 | AI score 7.6 | EPSS 0.48647

added 2003/11/17 5:00 a.m. | 53 views

CVE-2003-0660

The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.

CVSS 7.5 | AI score 7.4 | EPSS 0.29442

added 2004/06/01 4:00 a.m. | 53 views

CVE-2003-0807

Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.

CVSS 5 | AI score 6.7 | EPSS 0.38004

added 2005/06/13 4:00 a.m. | 53 views

CVE-2005-1935

Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as de...

CVSS 7.5 | AI score 7.9 | EPSS 0.89651

added 2000/04/11 4:00 a.m. | 52 views

CVE-1999-0701

After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.

CVSS 7.2 | AI score 6.4 | EPSS 0.00779

added 2000/01/04 5:00 a.m. | 52 views

CVE-1999-0726

An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

CVSS 7.8 | AI score 6.9 | EPSS 0.19454

added 2000/01/04 5:00 a.m. | 52 views

CVE-1999-0886

The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.

CVSS 9 | AI score 7 | EPSS 0.37951

added 2000/01/04 5:00 a.m. | 52 views

CVE-1999-0909

Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.

CVSS 7.5 | AI score 7 | EPSS 0.04231

added 2001/09/18 4:00 a.m. | 52 views

CVE-2001-0238

Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.

CVSS 7.5 | AI score 7.1 | EPSS 0.05327

added 2002/03/09 5:00 a.m. | 52 views

CVE-2001-0879

Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.

CVSS 5 | AI score 7 | EPSS 0.10185

added 2004/06/01 4:00 a.m. | 52 views

CVE-2004-0123

Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVSS 7.5 | AI score 7.9 | EPSS 0.48567

added 2004/11/03 5:00 a.m. | 52 views

CVE-2004-0208

The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged op...

CVSS 7.2 | AI score 6.3 | EPSS 0.02125

added 2000/02/04 5:00 a.m. | 51 views

CVE-1999-0258

Bonk variation of teardrop IP fragmentation denial of service.

CVSS 5 | AI score 6.8 | EPSS 0.04875

added 2000/02/04 5:00 a.m. | 51 views

CVE-1999-0595

A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.

CVSS 2.1 | AI score 6.5 | EPSS 0.00751

added 2000/01/04 5:00 a.m. | 51 views

CVE-1999-0700

Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.

CVSS 6.2 | AI score 7.1 | EPSS 0.023

added 2001/09/12 4:00 a.m. | 51 views

CVE-1999-1291

TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target.

CVSS 5 | AI score 7.5 | EPSS 0.08554

added 2000/02/23 5:00 a.m. | 51 views

CVE-2000-0155

Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive.

CVSS 7.2 | AI score 7 | EPSS 0.01723

added 2000/11/29 5:00 a.m. | 51 views

CVE-2000-1079

Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.

CVSS 7.5 | AI score 7 | EPSS 0.11149

added 2005/07/14 4:00 a.m. | 51 views

CVE-2002-2073

Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.

CVSS 4.3 | AI score 5.7 | EPSS 0.04222

added 2004/11/03 5:00 a.m. | 51 views

CVE-2004-0569

The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values.

CVSS 7.5 | AI score 6.7 | EPSS 0.23479

added 2005/01/10 5:00 a.m. | 51 views

CVE-2004-1080

The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Associa...

CVSS 10 | AI score 7.3 | EPSS 0.89406

added 2005/01/19 5:00 a.m. | 51 views

CVE-2004-1361

Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.

CVSS 5 | AI score 7.9 | EPSS 0.19594

added 1999/09/29 4:00 a.m. | 50 views

CVE-1999-0074

Listening TCP ports are sequentially allocated, allowing spoofing attacks.

CVSS 6.4 | AI score 7.4 | EPSS 0.0588

added 2000/02/04 5:00 a.m. | 50 views

CVE-1999-0104

A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.

CVSS 5 | AI score 7.4 | EPSS 0.03605

added 1999/09/29 4:00 a.m. | 50 views

CVE-1999-0179

Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share.

CVSS 5 | AI score 7.5 | EPSS 0.0672

added 2000/06/02 4:00 a.m. | 50 views

CVE-1999-0225

Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.

CVSS 5 | AI score 7.4 | EPSS 0.16121

added 1999/09/29 4:00 a.m. | 50 views

CVE-1999-0376

Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.

CVSS 4.6 | AI score 6.9 | EPSS 0.00306

added 2004/09/01 4:00 a.m. | 50 views

CVE-1999-1365

Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program ...

CVSS 7.2 | AI score 7 | EPSS 0.01459

added 2000/03/22 5:00 a.m. | 50 views

CVE-2000-0089

The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.

CVSS 2.1 | AI score 6.3 | EPSS 0.02916

added 2000/04/26 4:00 a.m. | 50 views

CVE-2000-0259

The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allow local users to compromise the cryptographic keys of other users.

CVSS 7.2 | AI score 6.6 | EPSS 0.00374

added 2000/07/12 4:00 a.m. | 50 views

CVE-2000-0331

Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.

CVSS 5 | AI score 7 | EPSS 0.11559

added 2000/07/12 4:00 a.m. | 50 views

CVE-2000-0544

Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length.

CVSS 5 | AI score 6.7 | EPSS 0.14406

added 2001/09/20 4:00 a.m. | 50 views

CVE-2001-0509

Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.

CVSS 5 | AI score 7.2 | EPSS 0.13062

added 2002/03/15 5:00 a.m. | 50 views

CVE-2001-1122

Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.

CVSS 2.1 | AI score 6.7 | EPSS 0.00296

added 2005/04/21 4:00 a.m. | 50 views

CVE-2001-1452

By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.

CVSS 7.5 | AI score 7.1 | EPSS 0.05368

added 2002/08/12 4:00 a.m. | 50 views

CVE-2002-0421

IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr, or (4) aexp4.htr.

CVSS 5 | AI score 6.5 | EPSS 0.23698

added 2003/05/12 4:00 a.m. | 50 views

CVE-2003-0112

Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.

CVSS 4.6 | AI score 6.8 | EPSS 0.03564

added 2008/11/26 1:30 a.m. | 50 views

CVE-2008-5232

Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argum...

CVSS 9.3 | AI score 7.5 | EPSS 0.46192

added 1999/09/29 4:00 a.m. | 49 views

CVE-1999-0288

The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.

CVSS 5 | AI score 6.8 | EPSS 0.26564

added 2002/03/09 5:00 a.m. | 49 views

CVE-1999-1157

Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.

CVSS 5 | AI score 7.1 | EPSS 0.14786

added 2000/04/18 4:00 a.m. | 49 views

CVE-2000-0073

Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.

CVSS 5 | AI score 7 | EPSS 0.16571

Total number of security vulnerabilities: 252