running software vulnerabilities
vulnerabilities.aspcode.net
Searching running software vulnerabilities
sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort.
HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users.
Livingston Portmaster routers running ComOS use the same initial sequence number (ISN) for TCP connections, which allows remote attackers to conduct spoofing and hijack TCP sessions.
The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked.
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.
dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges.
Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts.
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53.
Fortinet firewall running FortiOS 2.x contains a hardcoded username with the password set to the serial number, which allows local users with console access to gain privileges.
The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access.
apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).
The FTP server in HP-UX 10.20, B.11.00, and B.11.11 allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
Oracle Databases running on Windows XP with Simple File Sharing enabled allow remote attackers to bypass authentication by supplying a valid username.
Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root.
Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.
Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors.
Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
Software vulnerabilities results 81 to 100 of 508