Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-1999-0376 |
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. Published: February 20, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-1999-0372 |
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. Published: February 12, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-1999-0391 |
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. Published: January 05, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-1999-0285 |
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. Published: January 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-1999-0384 |
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. Published: January 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-1999-0549 |
Windows NT automatically logs in an administrator upon rebooting. Published: January 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-1999-0560 |
A system-critical Windows NT file or directory has inappropriate permissions. Published: January 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-1999-0570 |
Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. Published: January 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-1999-0577 |
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. Published: January 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-1999-0578 |
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. Published: January 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-1999-0579 |
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. Published: January 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-1999-0581 |
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. Published: January 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-1999-0593 |
The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. Published: January 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-1999-1291 |
TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target. Published: October 05, 1998; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-1999-0505 |
A Windows NT domain user or administrator account has a guessable password. Published: October 01, 1998; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-1999-0506 |
A Windows NT domain user or administrator account has a default, null, blank, or missing password. Published: October 01, 1998; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-1999-0546 |
The Windows NT guest account is enabled. Published: October 01, 1998; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-1999-0969 |
The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork. Published: September 29, 1998; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-1999-0288 |
The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. Published: August 01, 1998; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-1999-0344 |
NT users can gain debug-level access on a system process using the Sechole exploit. Published: August 01, 1998; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |