Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-10-06 | CVE-2005-3174 | Local Security vulnerability in Windows 2000 Advanced Server Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long. | 4.6 |
| 2005-10-06 | CVE-2005-3173 | Local Security vulnerability in Windows 2000 Advanced Server Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions. | 4.6 |
| 2005-10-06 | CVE-2005-3172 | Remote Security vulnerability in Microsoft Windows 2000 The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks. | 5.0 |
| 2005-10-06 | CVE-2005-3171 | Local Security vulnerability in Windows 2000 Advanced Server Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings. | 4.6 |
| 2005-10-06 | CVE-2005-3169 | Remote Security vulnerability in Windows 2000 Advanced Server Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection. | 5.0 |
| 2005-10-06 | CVE-2005-3168 | Remote Security vulnerability in Windows 2000 Advanced Server The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template. | 7.5 |
| 2005-10-06 | CVE-2005-3167 | Cross-Site Scripting vulnerability in MediaWiki HTML Inline Style Attributes Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks. network mediawiki | 4.3 |
| 2005-10-06 | CVE-2005-3166 | Denial-Of-Service vulnerability in Mediawiki Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL. | 5.0 |
| 2005-10-06 | CVE-2005-3165 | Unspecified vulnerability in Mediawiki Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients. network mediawiki | 4.3 |
| 2005-10-06 | CVE-2005-3163 | Unspecified vulnerability in Polipo Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root. | 5.0 |