Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-2100 | Unspecified vulnerability in Microsoft Outlook 2000/2002 Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content. | 5.0 |
| 2002-12-31 | CVE-2002-2081 | Denial of Service vulnerability in Microsoft Site Server 3.0 Content Upload cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp. | 5.0 |
| 2002-12-31 | CVE-2002-2073 | Cross-Site Scripting vulnerability in Microsoft Site Server 3.0 Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp. network microsoft | 4.3 |
| 2002-12-31 | CVE-2002-2062 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL. network microsoft | 4.3 |
| 2002-12-31 | CVE-2002-2031 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results. | 5.0 |
| 2002-12-31 | CVE-2002-1984 | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0 Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046". | 5.0 |
| 2002-12-31 | CVE-2002-1981 | Unspecified vulnerability in Microsoft SQL Server 2000 Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings. | 5.0 |
| 2002-12-31 | CVE-2002-1933 | Unspecified vulnerability in Microsoft Windows 2000 Terminal Services The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window. | 7.2 |
| 2002-12-31 | CVE-2002-1918 | Buffer Overflow vulnerability in Microsoft Data Access Components 2.5/2.6/2.7 Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. | 10.0 |
| 2002-12-31 | CVE-2002-1908 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters. | 5.0 |