| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ICMP echo (ping) is allowed from arbitrary hosts. |
| An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. |
| The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten. |
| A router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of. |
| A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. |
| An SSH server allows authentication through the .rhosts file. |
| A superfluous NFS server is running, but it is not importing or exporting any file systems. |
| HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests. |
| A Unix account with a name other than "root" has UID 0, i.e. root privileges. |
| A system-critical Unix file or directory has inappropriate permissions. |
| A system-critical Windows NT file or directory has inappropriate permissions. |
| IIS has the #exec function enabled for Server Side Include (SSI) files. |
| The registry in Windows NT can be accessed remotely by users who are not administrators. |
| An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled. |
| An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. |
| A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file. |
| Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. |
| A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. |
| The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. |
| There is a one-way or two-way trust relationship between Windows NT domains. |
