processes software vulnerabilities
vulnerabilities.aspcode.net
Searching processes software vulnerabilities
Windows NT TCP/IP processes fragmented IP packe
fragmented
|
improperly
|
processes
|
service
|
causing
|
Windows
|
packets
|
denial
|
TCP/IP
|
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
SVGAlib zgv 3.0-7 and earlier allows local user
privilege
|
earlier
|
SVGAlib
|
allows
|
access
|
users
|
local
|
30-7
|
leak
|
gain
|
root
|
zgv
|
via
|
SVGAlib zgv 3.0-7 and earlier allows local users to gain root access via a privilege leak of the iopl(3) privileges to child processes.
FreeBSD 3.2 and possibly other versions allows
possibly
|
versions
|
service
|
FreeBSD
|
denial
|
allows
|
other
|
cause
|
local
|
user
|
FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9
Microsystems
|
environment
|
/usr/ucb/ps
|
processes
|
arbitrary
|
variables
|
releases
|
certain
|
Solaris
|
earlier
|
option
|
allows
|
values
|
local
|
users
|
view
|
Sun
|
via
|
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
LPPlus creates the lpdprocess file with world-w
world-writeable
|
permissions
|
dcclpdshut
|
specifying
|
lpdprocess
|
processes
|
arbitrary
|
alternate
|
specified
|
creates
|
program
|
process
|
allows
|
LPPlus
|
setuid
|
using
|
which
|
local
|
users
|
file
|
kill
|
LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file.
Lotus Notes R5 Client 4.6 allows remote attacke
automatically
|
arbitrary
|
attackers
|
processes
|
executed
|
commands
|
message
|
execute
|
e-mail
|
Client
|
object
|
remote
|
allows
|
Notes
|
Lotus
|
event
|
which
|
code
|
user
|
via
|
Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message.
Linux kernel 2.2.19 enables CAP_SYS_RESOURCE fo
kernel
|
Linux
|
Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs.
Vulnerability in administration server for HP V
administration
|
Vulnerability
|
VirtualVault
|
server
|
HP-UX
|
Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server.
Next Generation POSIX Threading (NGPT) 1.9.0 us
Generation
|
Threading
|
POSIX
|
Next
|
Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods.
ptrace in the QNX realtime operating system (RT
operating
|
realtime
|
system
|
ptrace
|
QNX
|
ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running processes.
Integrity Protection Driver (IPD) 1.2 and earli
Protection
|
Integrity
|
Driver
|
Integrity Protection Driver (IPD) 1.2 and earlier blocks access to \Device\PhysicalMemory by its name, which could allow local privileged processes to overwrite kernel memory by accessing the device through a symlink.
Samba 3.0.6 and earlier allows remote attackers
Samba
|
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
Kerio Personal Firewall 4.0 (KPF4) allows local
Firewall
|
Personal
|
Kerio
|
Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable.
The GUI in Alt-N Technologies MDaemon 7.2 and e
Technologies
|
privileges
|
NOTEPADEXE
|
including
|
processes
|
executes
|
physical
|
MDaemon
|
earlier
|
access
|
allows
|
create
|
SYSTEM
|
child
|
which
|
Alt-N
|
local
|
users
|
files
|
gain
|
such
|
new
|
GUI
|
The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.
Cocktail 3.5.4 and possibly earlier in Mac OS X
Cocktail
|
Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by running listing processes.
The web interface for Lotus Notes mail automati
automatically
|
attachment
|
interface
|
processes
|
prompting
|
attackers
|
web-based
|
without
|
conduct
|
attacks
|
cookies
|
easier
|
remote
|
makes
|
which
|
steal
|
Notes
|
Lotus
|
HTML
|
mail
|
user
|
open
|
save
|
web
|
The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
KillProcess 2.20 and earlier allows local users
KillProcess
|
KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multiple processes at the same time, which are not all killed by KillProcess.
The auto-reap of child processes in Linux kerne
processes
|
auto-reap
|
kernel
|
before
|
child
|
Linux
|
The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of service (crash) and gain root privileges.
Smb4K before 0.8.0 allow local users, when pres
before
|
Smb4K
|
Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."
Apache httpd 2.0.59 and 2.2.4, with the Prefork
Apache
|
httpd
|
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
Software vulnerabilities results 1 to 20 of 66
Page:
1
2
3
4
►