Vulnerabilities > Microsoft > Windows 2003 Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-15 | CVE-2004-1319 | The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. | 5.0 |
| 2004-08-18 | CVE-2004-0839 | Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". | 5.0 |
| 2004-08-06 | CVE-2004-0202 | Remote Malformed Packet Denial Of Service vulnerability in Microsoft DirectX DirectPlay IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. | 5.0 |
| 2004-06-14 | CVE-2004-0199 | Unspecified vulnerability in Microsoft Windows 2003 Server and Windows XP Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm). | 5.1 |
| 2004-06-01 | CVE-2004-0120 | Denial of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages. | 5.0 |
| 2004-06-01 | CVE-2004-0116 | Remote Denial Of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field. | 5.0 |
| 2004-06-01 | CVE-2003-0807 | Remote Denial Of Service vulnerability in Microsoft Windows COM Internet Service/RPC Over HTTP Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request. | 5.0 |
| 2003-11-17 | CVE-2003-0839 | Directory Traversal vulnerability in Microsoft Windows 2003 Server R2 Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. | 5.0 |
| 2003-10-20 | CVE-2003-0661 | Unspecified vulnerability in Microsoft products The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information. | 5.0 |
| 2002-12-31 | CVE-2002-2189 | Cross-Site Scripting vulnerability in Activwebserver Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link. | 5.1 |