machine software vulnerabilities

Searching machine software vulnerabilities

The HKEY_LOCAL_MACHINE key in a Windows NT syst

The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions.

The Economist screen saver 1999 with the "Passw

The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked.

SunOS 4.1.4 on a Sparc 20 machine allows local

SunOS |

SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device.

Macromedia "The Matrix" screen saver on Windows

Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape) key.

Microsoft Java Virtual Machine allows remote at

Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.

The URLConnection function in MacOS Runtime Jav

The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.

The Extended Control List (ECL) feature of the

Extended | Control | List |

The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.

Internet Explorer 5.50.4134.0100 on Windows ME

Explorer | Internet |

Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript.

Tiny Personal Firewall (TPF) 2.0.15, under cert

Firewall | Personal | Tiny |

Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to hide activities or bypass access restrictions.

The Java logging feature for the Java Virtual M

The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code.

java.security.AccessController in Sun Java Virt

java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument.

VMware GSX Server 2.5.1 build 4968 and earlier,

Server | VMware | GSX |

VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session.

The component for the Virtual DOS Machine (VDM)

component | Machine | Virtual | DOS |

The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.

Unknown vulnerability in Sun Java Runtime Envir

Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang).

Java 2 Micro Edition (J2ME) does not properly v

Edition | Micro | Java |

Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.

Mail in Mac OS X 10.3.7, when generating a Mess

Mail | Mac |

Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine.

Microsoft Windows XP has weak permissions (FILE

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.

QEMU 0.8.2 allows local users to halt a virtual

QEMU |

QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.

The virtual machine process (VMX) in VMware Wor

process | machine | virtual |

The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.

DISPUTED McAfee VirusScan Enterprise 8.5

** DISPUTED ** McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\SOFTWARE does not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product.

Software vulnerabilities results 1 to 20 of 72

Page: 12 3 4 ►

machine software vulnerabilities

vulnerabilities.aspcode.net

Searching machine software vulnerabilities