| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data. |
| A filter in a router or firewall allows unusual fragmented packets. |
| A system does not present an appropriate legal message or warning to a user who is accessing it. |
| The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. |
| A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive. |
| A Windows NT log file has an inappropriate maximum size or retention period. |
| A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire. |
| In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc. |
| An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. |
| An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. |
| nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. |
| A system-critical Windows NT registry key has an inappropriate value. |
| A version of finger is running that exposes valid user information to any entity on the network. |
| The rexec service is running. |
| The rstat/rstatd service is running. |
| A version of rusers is running that exposes valid user information to any entity on the network. |
| Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter. |
| The rwho/rwhod service is running, which exposes machine status and user information. |
| The ident/identd service is running. |
| Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi. |