National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
There are 245 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-1999-0570

Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.

Published: January 01, 1999; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-1999-0577

A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.

Published: January 01, 1999; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-1999-0578

A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.

Published: January 01, 1999; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-1999-0579

A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.

Published: January 01, 1999; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-1999-0581

The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.

Published: January 01, 1999; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-1999-0593

The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.

Published: January 01, 1999; 12:00:00 AM -05:00
    V2: 4.9 MEDIUM
CVE-1999-1291

TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target.

Published: October 05, 1998; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-1999-0505

A Windows NT domain user or administrator account has a guessable password.

Published: October 01, 1998; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-1999-0506

A Windows NT domain user or administrator account has a default, null, blank, or missing password.

Published: October 01, 1998; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-1999-0546

The Windows NT guest account is enabled.

Published: October 01, 1998; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-1999-0969

The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.

Published: September 29, 1998; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-1999-0288

The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.

Published: August 01, 1998; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-1999-0344

NT users can gain debug-level access on a system process using the Sechole exploit.

Published: August 01, 1998; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-1999-0278

In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.

Published: June 01, 1998; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-1999-1361

Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages.

Published: May 09, 1998; 12:00:00 AM -04:00
    V2: 6.4 MEDIUM
CVE-1999-0225

Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.

Published: February 14, 1998; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0258

Bonk variation of teardrop IP fragmentation denial of service.

Published: February 13, 1998; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0256

Buffer overflow in War FTP allows remote execution of commands.

Published: February 01, 1998; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-1999-1581

Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a large number of SNMP packets with Object Identifiers (OIDs) that cannot be decoded.

Published: December 23, 1997; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0015

Teardrop IP denial of service.

Published: December 16, 1997; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM