Vulnerabilities > Microsoft > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-06-02 | CVE-2001-0261 | Unspecified vulnerability in Microsoft Windows 2000 Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files. | 2.1 |
| 2001-05-11 | CVE-2001-1450 | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./". | 2.6 |
| 2001-05-03 | CVE-2001-0152 | Unspecified vulnerability in Microsoft Plus The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders. | 2.1 |
| 2001-05-03 | CVE-2001-0324 | Unspecified vulnerability in Microsoft Windows 2000 and Windows 98 Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash. | 2.6 |
| 2001-02-16 | CVE-2001-0089 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability. | 2.6 |
| 2001-02-16 | CVE-2001-0091 | Unspecified vulnerability in Microsoft Internet Explorer The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability. | 2.6 |
| 2001-02-16 | CVE-2001-0092 | Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.01/5.5 A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability. | 2.6 |
| 2001-01-09 | CVE-2000-1083 | Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | 2.1 |
| 2000-12-11 | CVE-2000-1003 | Unspecified vulnerability in Microsoft Windows 95, Windows 98 and Windows 98Se NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash. | 2.6 |
| 2000-11-14 | CVE-2000-0849 | Unspecified vulnerability in Microsoft Windows Media Services 4.0/4.1 Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability. | 2.6 |