Vulnerabilities > Microsoft > Windows 2000 > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-03-11 | CVE-2009-0093 | Improper Input Validation vulnerability in Microsoft products Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692. | 3.5 |
| 2006-05-12 | CVE-2006-2334 | Unspecified vulnerability in Microsoft Windows 2000 and Windows XP The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software. | 2.1 |
| 2006-02-01 | CVE-2006-0488 | Denial-Of-Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm. | 2.1 |
| 2005-10-21 | CVE-2005-2126 | Unspecified vulnerability in Microsoft products The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames. | 2.6 |
| 2005-08-10 | CVE-2005-1981 | Unspecified vulnerability in Microsoft Windows 2000 and Windows 2003 Server Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message. | 2.1 |
| 2005-08-10 | CVE-2005-1982 | Man In The Middle vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used. | 3.6 |
| 2005-05-02 | CVE-2005-0550 | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability". | 2.1 |
| 2004-11-03 | CVE-2004-0207 | Unspecified vulnerability in Microsoft products "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions. | 2.1 |
| 2004-06-01 | CVE-2004-0124 | Unspecified vulnerability in Microsoft products The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability." | 2.6 |
| 2003-12-31 | CVE-2003-1437 | Unspecified vulnerability in BEA Weblogic Server 7.0/7.0.0.1 BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. | 2.1 |