Vulnerabilities > Microsoft > Windows NT > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-2413 | Unspecified vulnerability in Deerfield Website PRO 3.1.11.0 WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name. | 5.0 |
| 2002-12-31 | CVE-2002-2073 | Cross-Site Scripting vulnerability in Microsoft Site Server 3.0 Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp. network microsoft | 4.3 |
| 2002-12-23 | CVE-2002-1325 | Information Disclosure vulnerability in Microsoft Java Virtual Machine user.dir Access Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability." | 5.0 |
| 2002-12-23 | CVE-2002-1258 | Unspecified vulnerability in Microsoft products Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error. | 5.0 |
| 2002-11-12 | CVE-2002-1184 | Unspecified vulnerability in Microsoft Windows 2000 and Windows NT The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs. | 4.6 |
| 2002-10-11 | CVE-2002-0863 | Unspecified vulnerability in Microsoft products Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol." | 5.0 |
| 2002-10-04 | CVE-2002-0699 | Unspecified vulnerability in Microsoft products Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML. | 5.0 |
| 2002-09-05 | CVE-2002-0725 | Link Following vulnerability in Microsoft Windows 2000 and Windows NT NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. | 5.5 |
| 2002-08-12 | CVE-2002-0421 | Unspecified vulnerability in Microsoft Windows NT 4.0 IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr. | 5.0 |
| 2001-12-20 | CVE-2001-0879 | Unspecified vulnerability in Microsoft products Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. | 5.0 |