Vulnerabilities > Microsoft > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2000-10-20 | CVE-2000-0771 | Unspecified vulnerability in Microsoft Windows 2000 Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability. | 2.1 |
| 2000-07-13 | CVE-2000-0649 | Information Exposure vulnerability in Microsoft products IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. | 2.6 |
| 2000-07-01 | CVE-1999-0585 | Unspecified vulnerability in Microsoft Windows 2000 and Windows NT A Windows NT administrator account has the default name of Administrator. | 2.1 |
| 2000-06-06 | CVE-2000-0503 | Unspecified vulnerability in Microsoft Internet Explorer The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event. | 2.6 |
| 2000-06-05 | CVE-2000-0518 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities. | 2.6 |
| 2000-06-05 | CVE-2000-0519 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities. | 2.6 |
| 2000-06-01 | CVE-2000-0487 | Unspecified vulnerability in Microsoft Windows 2000 The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability. | 3.6 |
| 2000-05-30 | CVE-2000-0402 | Unspecified vulnerability in Microsoft SQL Server 7.0 The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. | 2.1 |
| 2000-05-30 | CVE-2000-0485 | Unspecified vulnerability in Microsoft SQL Server 6.5/7.0 Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability. | 2.1 |
| 2000-04-20 | CVE-2000-0311 | Unspecified vulnerability in Microsoft Windows 2000 The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability. | 2.1 |