Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2000-03-14 | CVE-2000-0199 | Weak Password Encryption vulnerability in Microsoft SQL Server 7.0 When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. | 7.2 |
| 2000-03-08 | CVE-2000-0202 | Unspecified vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. | 7.5 |
| 2000-02-18 | CVE-2000-0161 | Unspecified vulnerability in Microsoft Site Server 3.0 Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. | 7.5 |
| 2000-01-20 | CVE-2000-0088 | Unspecified vulnerability in Microsoft products Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability. | 7.2 |
| 2000-01-04 | CVE-2000-0085 | Unspecified vulnerability in Microsoft Hotmail Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag. | 7.5 |
| 1999-12-31 | CVE-1999-1591 | Authentication vulnerability in Microsoft VisualInterDev 6.0 - IIS4- Management With No Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. | 7.5 |
| 1999-12-31 | CVE-1999-1474 | Unspecified vulnerability in Microsoft Powerpoint 95/97 PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer. | 7.5 |
| 1999-12-31 | CVE-1999-1455 | Unspecified vulnerability in Microsoft Windows NT RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host. | 7.5 |
| 1999-12-31 | CVE-1999-1359 | Security Bypass vulnerability in Microsoft Windows NT When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies. | 7.5 |
| 1999-12-31 | CVE-1999-1316 | Unspecified vulnerability in Microsoft Windows NT 4.0 Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess. | 7.5 |