| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A system-critical Windows NT registry key has inappropriate permissions. |
| A system does not present an appropriate legal message or warning to a user who is accessing it. |
| An event log in Windows NT has inappropriate access permissions. |
| The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. |
| A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. |
| A Windows NT log file has an inappropriate maximum size or retention period. |
| A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive. |
| A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire. |
| A network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection. |
| A network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers. |
| A network intrusion detection system (IDS) does not verify the checksum on a packet. |
| A network intrusion detection system (IDS) does not properly handle data within TCP handshake packets. |
| A network intrusion detection system (IDS) does not properly reassemble fragmented packets. |
| In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc. |
| An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. |
| An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. |
| An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. |
| quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges. |
| An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. |
| An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. |