Filtered by vendor Microsoft
Subscribe
Total
19339 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4110 | 1 Microsoft | 1 Sql Server | 2018-10-11 | 7.6 HIGH | N/A |
| Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings. | |||||
| CVE-2008-3897 | 2 Freed0m, Microsoft | 2 Disckcryptor, Windows | 2018-10-11 | 2.1 LOW | N/A |
| DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2008-3851 | 2 Microsoft, Pluck | 2 Windows, Pluck | 2018-10-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194. | |||||
| CVE-2008-3842 | 1 Microsoft | 5 .net Framework, Windows-nt, Windows 2000 and 2 more | 2018-10-11 | 4.3 MEDIUM | N/A |
| Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence. | |||||
| CVE-2008-3365 | 2 Microsoft, Pixelpost | 7 Windows, Windows-nt, Windows 2000 and 4 more | 2018-10-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter. | |||||
| CVE-2008-3358 | 2 Microsoft, Sap | 2 Internet Explorer, Netweaver | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document. | |||||
| CVE-2008-3068 | 1 Microsoft | 17 Access, Excel, Frontpage and 14 more | 2018-10-11 | 7.5 HIGH | N/A |
| Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. | |||||
| CVE-2008-2747 | 2 Microsoft, No-ip | 2 Windows, Dynamic Update Client | 2018-10-11 | 2.1 LOW | N/A |
| No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values. | |||||
| CVE-2008-2547 | 1 Microsoft | 1 Windows Installer | 2018-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. NOTE: this issue might cross privilege boundaries if msiexec.exe is reachable via components such as ActiveX controls, and might additionally require a separate vulnerability in the control. | |||||
| CVE-2008-2430 | 2 Microsoft, Videolan | 2 Windows Nt, Vlc Media Player | 2018-10-11 | 9.3 HIGH | N/A |
| Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. | |||||
| CVE-2008-2427 | 4 Freebsd, Microsoft, Pagesperso-orange and 1 more | 6 Freebsd, Windows Nt, Gfl Sdk and 3 more | 2018-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file. | |||||
| CVE-2008-2099 | 2 Microsoft, Vmware | 5 Windows, Ace 2, Vmware Player 2 and 2 more | 2018-10-11 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. | |||||
| CVE-2008-1933 | 1 Microsoft | 1 Zune Software | 2018-10-11 | 4.3 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explicitly allow the code to run. | |||||
| CVE-2008-1932 | 2 Microsoft, Realtek | 3 Windows-nt, Windows Vista, Hd Audio Codec Drivers | 2018-10-11 | 6.8 MEDIUM | N/A |
| Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allows local users to execute arbitrary code via a crafted IOCTL request. | |||||
| CVE-2008-1931 | 2 Microsoft, Realtek | 3 Windows-nt, Windows Vista, Hd Audio Codec Drivers | 2018-10-11 | 6.8 MEDIUM | N/A |
| Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request. | |||||
| CVE-2008-1898 | 1 Microsoft | 2 Office, Works | 2018-10-11 | 9.3 HIGH | N/A |
| A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. | |||||
| CVE-2008-1888 | 1 Microsoft | 1 Sharepoint Server | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor. | |||||
| CVE-2008-1581 | 2 Apple, Microsoft | 3 Quicktime, Windows Vista, Windows Xp | 2018-10-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image. | |||||
| CVE-2008-1471 | 2 Microsoft, Panda | 6 Windows-nt, Windows 2000, Windows Vista and 3 more | 2018-10-11 | 7.2 HIGH | N/A |
| The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. | |||||
| CVE-2008-1402 | 2 Mg-soft, Microsoft | 2 Net Inspector, Windows | 2018-10-11 | 7.1 HIGH | N/A |
| MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to cause a (1) denial of service (exception and crash) via a UDP packet to the SNMP Trap Service (MgWTrap3.exe) or (2) denial of service (device freeze or memory consumption) via a malformed request to the Net Inspector Server (niengine). | |||||