Medium Severity Vulnerabilities
128.7K CVEs classified as medium severity
An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information.
An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.
quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password...
An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information.
An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information.
An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information.
The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.
HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests.
The Windows NT guest account is enabled.
A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate ...
A system-critical NETBIOS/SMB share has inappropriate access control.
UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target.
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
An account on a router, firewall, or other network device has a default, null, blank, or missing password.
A Unix account has a guessable password.
Denial of service in WinGate proxy through a buffer overflow in POP3.
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
Denial of service in AOL Instant Messenger when a remote attacker sends a malicious hyperlink to the receiving client, potentially causing a system crash.
OpenBSD kernel crash through TSS handling, as caused by the crashme program.
Denial of service in "poll" in OpenBSD.
Denial of service in Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.