Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2000-12-19 | CVE-2000-0979 | Unspecified vulnerability in Microsoft products File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability. | 6.4 |
| 2000-12-19 | CVE-2000-0970 | Unspecified vulnerability in Microsoft products IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | 7.5 |
| 2000-12-19 | CVE-2000-0951 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search. | 5.0 |
| 2000-12-19 | CVE-2000-0942 | Unspecified vulnerability in Microsoft Indexing Service The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability. | 5.1 |
| 2000-12-19 | CVE-2000-0933 | Unspecified vulnerability in Microsoft Windows 2000 The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability. | 4.6 |
| 2000-12-19 | CVE-2000-0929 | Unspecified vulnerability in Microsoft Windows Media Player 7 Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability. | 5.0 |
| 2000-12-19 | CVE-2000-0886 | Unspecified vulnerability in Microsoft products IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. | 7.5 |
| 2000-12-19 | CVE-2000-0885 | Unspecified vulnerability in Microsoft Systems Management Server, Windows 2000 and Windows NT Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. | 7.5 |
| 2000-12-19 | CVE-2000-0884 | Unspecified vulnerability in Microsoft products IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. | 7.5 |
| 2000-12-19 | CVE-2000-0817 | Unspecified vulnerability in Microsoft Network Monitor Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability. | 7.5 |