| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. |
| Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting. |
| The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. |
| Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands. |
| Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. |
| Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size. |
| Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. |
| A Windows NT local user or administrator account has a guessable password. |
| Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request. |
| The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
| The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
| A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. |
| Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument. |
| A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. |
| A Windows NT administrator account has the default name of Administrator. |
| IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. |
| A version of finger is running that exposes valid user information to any entity on the network. |
| A system does not present an appropriate legal message or warning to a user who is accessing it. |
| The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. |
| Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability. |
