booting software vulnerabilities
vulnerabilities.aspcode.net
Searching booting software vulnerabilities
Control Panel "Password Security" option for Ap
inaccessible
|
aaaaaaaAPWD
|
Powerbooks
|
emergency
|
attackers
|
Security"
|
"Password
|
physical
|
password
|
normally
|
security
|
booting
|
startup
|
machine
|
Control
|
on/off
|
modify
|
option
|
toggle
|
editor
|
access
|
bypass
|
allows
|
Panel
|
which
|
Apple
|
using
|
disk
|
file
|
Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible.
Micah Software Full Armor Network Configurator
Administration
|
Configurator
|
protection
|
Software
|
physical
|
desktop
|
Network
|
access
|
bypass
|
users
|
Micah
|
Armor
|
local
|
allow
|
Full
|
Zero
|
Micah Software Full Armor Network Configurator and Zero Administration allow local users with physical access to bypass the desktop protection by (1) using
and kill the process using the task manager, (2) booting the system from a separate disk, or (3) interrupting certain processes that execute while the system is booting.
The (1) rcS and (2) mountall programs in Sun So
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.
Microsoft Windows XP allows local users to prev
explorerexemanifest
|
Microsoft
|
prevent
|
booting
|
corrupt
|
Windows
|
allows
|
system
|
users
|
local
|
file
|
via
|
Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file.
Apple Mac OS X 10.0 through 10.2.8 allows local
Apple
|
Mac
|
Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell.
BEA WebLogic Server and WebLogic Express 7.0 th
attackers
|
accessing
|
directly
|
internal
|
WebLogic
|
password
|
username
|
booting
|
Express
|
methods
|
through
|
certain
|
Service
|
allows
|
Server
|
obtain
|
Pack
|
BEA
|
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
An error in the Toshiba ACPI BIOS 1.6 causes th
Toshiba
|
examine
|
causes
|
Master
|
Record
|
error
|
first
|
Boot
|
slot
|
ACPI
|
BIOS
|
only
|
An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine the first slot in the Master Boot Record (MBR) table for an active partition, which prevents the system from booting even though the MBR is not malformed. NOTE: it has been debated as to whether or not this issue poses a security vulnerability, since administrative privileges would be required, and other DoS attacks are possible with such privileges.
pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.
pygrub
|
pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.
Software vulnerabilities results 1 to 9 of 9
Page:
1