| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An SSH server allows authentication through the .rhosts file. |
| A Unix account with a name other than "root" has UID 0, i.e. root privileges. |
| Two or more Unix accounts have the same UID. |
| A system-critical Unix file or directory has inappropriate permissions. |
| A system-critical Windows NT file or directory has inappropriate permissions. |
| IIS has the #exec function enabled for Server Side Include (SSI) files. |
| An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled. |
| A Sendmail alias allows input to be piped to a program. |
| NFS exports system-critical data to the world, e.g. / or a password file. |
| A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. |
| A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. |
| A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. |
| There is a one-way or two-way trust relationship between Windows NT domains. |
| A system-critical Windows NT registry key has inappropriate permissions. |
| An event log in Windows NT has inappropriate access permissions. |
| A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire. |
| In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc. |
| An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. |
| An incorrect configuration of the Webcart CGI program could disclose private information. |
| A system-critical Windows NT registry key has an inappropriate value. |
