| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service. |
| Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. |
| Denial of service through Winpopup using large user names. |
| Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made. |
| The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. |
| Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. |
| A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. |
| IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. |
| MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. |
| Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. |
| In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. |
| Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. |
| Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client. |
| MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. |
| A system-critical Windows NT file or directory has inappropriate permissions. |
| .reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. |
| A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking. |
| A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. |
| Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. |
| The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. |
