Vulnerabilities > Microsoft > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2001-01-09 | CVE-2000-1139 | USE of Hard-Coded Credentials vulnerability in Microsoft Exchange Server 2000 The installation of Microsoft Exchange 2000 before Rev. | 7.5 |
2001-01-09 | CVE-2000-1113 | Unspecified vulnerability in Microsoft Windows Media Player 6.4/7 Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability. | 7.5 |
2001-01-09 | CVE-2000-1104 | Unspecified vulnerability in Microsoft products Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. | 7.5 |
2000-12-19 | CVE-2000-0982 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability. | 7.5 |
2000-12-19 | CVE-2000-0970 | Unspecified vulnerability in Microsoft products IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | 7.5 |
2000-12-19 | CVE-2000-0886 | Unspecified vulnerability in Microsoft products IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. | 7.5 |
2000-12-19 | CVE-2000-0885 | Unspecified vulnerability in Microsoft Systems Management Server, Windows 2000 and Windows NT Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. | 7.5 |
2000-12-19 | CVE-2000-0884 | Unspecified vulnerability in Microsoft products IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. | 7.5 |
2000-12-19 | CVE-2000-0817 | Unspecified vulnerability in Microsoft Network Monitor Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability. | 7.5 |
2000-11-14 | CVE-2000-0834 | Unspecified vulnerability in Microsoft Windows 2000 The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability. | 7.5 |