CVE-1999-0603

In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc...

CVE-1999-0504

A Windows NT local user or administrator account has a default, null, blank, or missing password...

CVE-1999-0580

The HKEYLOCALMACHINE key in a Windows NT system has inappropriate, system-critical permissions...

CVE-1999-0594

A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive...

CVE-1999-0585

A Windows NT administrator account has the default name of Administrator...

CVE-1999-0376

Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs...

CVE-1999-0592

The Logon box of a Windows NT system displays the name of the last user who logged in...

EUVD-1999-1340

Malware in sbrugna...

EUVD-2004-0210

Malware in sbrugna...

EUVD-1999-0532

Malware in sbrugna...

EUVD-1999-0382

Malware in sbrugna...

EUVD-1999-0568

Malware in sbrugna...

EUVD-2002-1214

Malware in sbrugna...

EUVD-1999-1346

Malware in sbrugna...

CVE-1999-0582

A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc...

CVE-1999-0506

A Windows NT domain user or administrator account has a default, null, blank, or missing password...

Thoughts on Cloud Security

Recently I've been reading about cloud security and security with respect to DevOps. I'll say more about the excellent book I'm reading, but I had a moment of déjà vu during one section. The book described how cloud security is a big change from enterprise security because it relies less on...

CVE-2002-0367

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit...

CVE-2002-2028

The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing...

MS02-050: Certificate Validation Flaw Could Enable Identity Spoofing (328145)

The remote host contains a version of the CryptoAPI that could allow an attacker to spoof the identity of another user with malformed SSL certificates. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11145; scriptversion"1.49"; scriptcvsdate"Date: 2018/11/15 20:50:29"...