Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-01-17 | CVE-2003-0001 | Information Exposure vulnerability in multiple products Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | 5.0 |
| 2002-12-31 | CVE-2002-2413 | Unspecified vulnerability in Deerfield Website PRO 3.1.11.0 WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name. | 5.0 |
| 2002-12-31 | CVE-2002-2380 | Information Exposure vulnerability in Microsoft Network Firmware 5.5.11 NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. | 6.4 |
| 2002-12-31 | CVE-2002-2328 | Improper Input Validation vulnerability in Microsoft Windows 2000 Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request. | 7.1 |
| 2002-12-31 | CVE-2002-2324 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows XP The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings. | 7.2 |
| 2002-12-31 | CVE-2002-2311 | Permissions, Privileges, and Access Controls vulnerability in multiple products Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. | 6.4 |
| 2002-12-31 | CVE-2002-2283 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows XP Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users. | 1.9 |
| 2002-12-31 | CVE-2002-2202 | Local Security vulnerability in Microsoft Outlook Express 6.0 Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email. | 3.8 |
| 2002-12-31 | CVE-2002-2189 | Cross-Site Scripting vulnerability in Activwebserver Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link. | 5.1 |
| 2002-12-31 | CVE-2002-2185 | Denial Of Service vulnerability in Multiple Vendor Spoofed IGMP Report The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. | 4.9 |