| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. |
| Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. |
| The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions. |
| The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file. |
| The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. |
| A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. |
| There is a one-way or two-way trust relationship between Windows NT domains. |
| A Windows NT file system is not NTFS. |
| A Windows NT administrator account has the default name of Administrator. |
| Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object. |
| WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow. |
| A network service is running on a nonstandard port. |
| A system does not present an appropriate legal message or warning to a user who is accessing it. |
| Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter. |
| KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. |
| Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity. |
| Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP. |
| The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file. |
| Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function. |
| The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number. |