(Description Provided by CVE) : rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter.
(Description Provided by CVE) : FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.
It is possible to modify the registry paths to commonly used applications. The path to a Trojan program could be substituted, and the next time the application is executed the Trojan could be used to gain unauthorized access.
By default, PCexpress BBS installs with a default password. The connect password has a password of "QU ME CYKEL PUMPE MED SKOR" which is publicly known and documented. This allows attackers to trivially access the program or system.
FastCGI mod_fastcgi package contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker executes the "echo.exe" program, which will disclose extensive details about the machine's operating environment resulting in a loss of confidentiality.
It is possible to determine the Windows Service Pack level of this system by reading the registry via NetBIOS. An attacker could use this information to determine potential vulnerabilities on the system. Depending on the Windows configuration and version, a valid username and password may be required before this information can be obtained.
It is possible for authenticated, non- administrative domain users on a Windows NT network to access several hives in the registry remotely. An attacker could cause denials of service conditions or elevate access by modifying various keys.
Iniquity BBS contains a flaw that may allow a remote attacker to access arbitrary files. The issue is due to the E-mail system not filtering or limiting what files can be attached. If an attacker sends e-mail to himself and specifies a sensitive file, the file will be attached to the e-mail and disclosed.
(Description Provided by CVE) : Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.
(Description Provided by CVE) : When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.
By default, Advanced Integration BIOS installs with default user credentials (username/password combination). Any account name supplied has a password of 'Advance', which is publicly known and documented. This allows physically present attackers to trivially access the program or system and gain privileged access.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.