National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:microsoft:windows_95:-:sp1
There are 52 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2003-1569

GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.

Published: February 06, 2009; 02:30:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

Published: October 20, 2008; 01:59:26 PM -04:00
    V2: 7.1 HIGH
CVE-2007-3958

Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif.

Published: July 24, 2007; 02:30:00 PM -04:00
    V2: 7.1 HIGH
CVE-2007-2736

PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.

Published: May 17, 2007; 03:30:00 PM -04:00
    V2: 10.0 HIGH
CVE-2007-1898

formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.

Published: May 16, 2007; 06:30:00 PM -04:00
    V2: 5.8 MEDIUM
CVE-2007-2186

Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

Published: April 24, 2007; 01:19:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2006-7031

Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.

Published: February 22, 2007; 10:28:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2006-7034

SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.

Published: February 22, 2007; 10:28:00 PM -05:00
    V2: 7.5 HIGH
CVE-2006-7037

Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.

Published: February 22, 2007; 10:28:00 PM -05:00
    V2: 4.4 MEDIUM
CVE-2006-7039

The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.

Published: February 22, 2007; 10:28:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2007-1043

Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.

Published: February 21, 2007; 12:28:00 PM -05:00
    V2: 7.5 HIGH
CVE-2006-6261

Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields.

Published: December 04, 2006; 06:28:00 AM -05:00
    V2: 9.3 HIGH
CVE-2002-1692

Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 3.6 LOW
CVE-2002-1257

Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.

Published: December 23, 2002; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2002-1258

Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.

Published: December 23, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1260

The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.

Published: December 23, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1325

Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."

Published: December 23, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0053

Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0238

Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2000-1039

Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM