| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Denial of service in AOL Instant Messenger when a remote attacker sends a malicious hyperlink to the receiving client, potentially causing a system crash. |
| Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability. |
| Denial of service in WinGate proxy through a buffer overflow in POP3. |
| TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files. |
| A Windows NT local user or administrator account has a default, null, blank, or missing password. |
| Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET(). |
| An account on a router, firewall, or other network device has a guessable password. |
| A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. |
| The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten. |
| A router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc. |
| The Windows NT guest account is enabled. |
| A Unix account with a name other than "root" has UID 0, i.e. root privileges. |
| An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. |
| A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. |
| A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. |
| A system does not present an appropriate legal message or warning to a user who is accessing it. |
| The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. |
| An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. |
| quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges. |
| An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. |