CVEs

The rpc.rquotad service is running.

The ident/identd service is running.

The NT Alerter and Messenger services are running.

The RPC portmapper service is running.

The echo service is running.

The discard service is running.

The systat service is running.

The daytime service is running.

The chargen service is running.

The Gopher service is running.

The UUCP service is running.

The netstat service is running, which provides sensitive information to remote attackers.

The rsh/rlogin service is running.

A component service related to NIS+ is running.

The OS/2 or POSIX subsystem in NT is enabled.

The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.

A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.

A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete.

A system-critical program, library, or file has a checksum or other integrity measurement that indicates that it has been modified.

An application-critical Windows NT registry key has inappropriate permissions.

PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as Access.

Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is safe to open from the client.

Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.

SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root.

mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.

Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.

Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges.

Development version of Breeze Network Server allows remote attackers to cause the system to reboot by accessing the configbreeze CGI program.

nlog CGI scripts do not properly filter shell metacharacters from the IP address argument, which could allow remote attackers to execute certain commands via (1) nlog-smb.pl or (2) rpc-nlog.pl.

BackWeb client stores the username and password in cleartext for proxy authentication in the Communication registry key, which could allow other local users to gain privileges by reading the password.

Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack.

The passwd command in Solaris can be subjected to a denial of service.

Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.

RealSystem G2 server stores the administrator password in cleartext in a world-readable configuration file, which allows local users to gain privileges.

fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe.

BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters.

BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.

Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs user names and passwords in cleartext in the test.log file.

UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.

Buffer overflow in Solaris kcms_configure command allows local users to gain root access.

Buffer overflow in NetMeeting allows denial of service and remote command execution.

Linux PAM modules allow local users to gain root access using temporary files.

The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.

Remote attackers can perform a denial of service using IRIX fcagent.

Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.

Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file.

Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi.