| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A DNS server allows zone transfers. |
| A DNS server allows inverse queries. |
| A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. |
| A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. |
| A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. |
| A trust relationship exists between two Unix hosts. |
| A password for accessing a WWW URL is guessable. |
| The Windows NT guest account is enabled. |
| An SSH server allows authentication through the .rhosts file. |
| A superfluous NFS server is running, but it is not importing or exporting any file systems. |
| Windows NT automatically logs in an administrator upon rebooting. |
| A router's routing tables can be obtained from arbitrary hosts. |
| HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests. |
| NFS exports system-critical data to the world, e.g. / or a password file. |
| A Unix account with a name other than "root" has UID 0, i.e. root privileges. |
| Two or more Unix accounts have the same UID. |
| A system-critical Unix file or directory has inappropriate permissions. |
| A system-critical Windows NT file or directory has inappropriate permissions. |
| IIS has the #exec function enabled for Server Side Include (SSI) files. |
| The registry in Windows NT can be accessed remotely by users who are not administrators. |
