Vulnerabilities > Microsoft
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2000-12-31 | CVE-2000-1227 | Unspecified vulnerability in Microsoft Windows 2000 and Windows NT Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back. | 5.0 |
2000-12-19 | CVE-2000-0982 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability. | 7.5 |
2000-12-19 | CVE-2000-0980 | Unspecified vulnerability in Microsoft products NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network. | 5.0 |
2000-12-19 | CVE-2000-0979 | Unspecified vulnerability in Microsoft products File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability. | 6.4 |
2000-12-19 | CVE-2000-0970 | Unspecified vulnerability in Microsoft products IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | 7.5 |
2000-12-19 | CVE-2000-0951 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search. | 5.0 |
2000-12-19 | CVE-2000-0942 | Unspecified vulnerability in Microsoft Indexing Service The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability. | 5.1 |
2000-12-19 | CVE-2000-0933 | Unspecified vulnerability in Microsoft Windows 2000 The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability. | 4.6 |
2000-12-19 | CVE-2000-0929 | Unspecified vulnerability in Microsoft Windows Media Player 7 Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability. | 5.0 |
2000-12-19 | CVE-2000-0886 | Unspecified vulnerability in Microsoft products IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. | 7.5 |