| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses. |
| rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. |
| Denial of service in WinGate proxy through a buffer overflow in POP3. |
| A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares. |
| A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. |
| TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files. |
| NETBIOS share information may be published through SNMP registry keys in NT. |
| A Unix account has a guessable password. |
| A Unix account has a default, null, blank, or missing password. |
| A Windows NT local user or administrator account has a guessable password. |
| A Windows NT local user or administrator account has a default, null, blank, or missing password. |
| A Windows NT domain user or administrator account has a guessable password. |
| A Windows NT domain user or administrator account has a default, null, blank, or missing password. |
| An account on a router, firewall, or other network device has a guessable password. |
| An account on a router, firewall, or other network device has a default, null, blank, or missing password. |
| Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. |
| A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. |
| ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. |
| UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. |
| An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. |