obtains software vulnerabilities
vulnerabilities.aspcode.net
Searching obtains software vulnerabilities
Oracle Webserver 2.1 and earlier runs setuid ro
configuration
|
privileges
|
Webserver
|
modifying
|
arbitrary
|
attacker
|
obtains
|
earlier
|
account
|
remote
|
modify
|
access
|
allows
|
setuid
|
Oracle
|
files
|
owned
|
local
|
which
|
runs
|
root
|
file
|
gain
|
any
|
but
|
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
The exit_thread function (process.c) in Linux k
exit_thread
|
function
|
The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.
The administrative interface (aka DkService.exe
administrative
|
interface
|
The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.
Software vulnerabilities results 1 to 4 of 4
Page:
1