screen locking software vulnerabilities
vulnerabilities.aspcode.net
Searching screen locking software vulnerabilities
ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords.
Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session.
Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.
Screen savers in KDE beta 3 allow local users to overwrite arbitrary files via a symlink attack on the .kss.pid file.
The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked.
Buffer overflow in LCDproc allows remote attackers to gain root privileges via the screen_add command.
The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key.
Sharp Zaurus PDA SL-5000D and SL-5500 use a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.
The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.
A locking problem in POSIX timer cleanup handling on exit in Linux kernel 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause a denial of service (deadlock) involving process CPU timers.
WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods.
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account.
kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.
Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents.
fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores.
** DISPUTED ** GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue.
Software vulnerabilities results 1 to 20 of 75