| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made. |
| The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. |
| Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command. |
| The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. |
| MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. |
| A Windows NT domain user or administrator account has a guessable password. |
| IP forwarding is enabled on a machine which is not a router or firewall. |
| The Windows NT guest account is enabled. |
| Windows NT automatically logs in an administrator upon rebooting. |
| The registry in Windows NT can be accessed remotely by users who are not administrators. |
| A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking. |
| A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. |
| The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. |
| A version of finger is running that exposes valid user information to any entity on the network. |
| ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. |
| Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. |
| Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request. |
| An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. |
| A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. |
| Buffer overflow in Windows NT 4.0 help file utility via a malformed help file. |
