screen software vulnerabilities
vulnerabilities.aspcode.net
Searching screen software vulnerabilities
CDE screen lock program (screenlock) on Solaris
program
|
screen
|
lock
|
CDE
|
CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string.
Screen savers in KDE beta 3 allows local users
overwrite
|
arbitrary
|
symlink
|
Screen
|
savers
|
attack
|
ksspid
|
allows
|
files
|
users
|
local
|
beta
|
file
|
KDE
|
via
|
Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file.
Macromedia "The Matrix" screen saver on Windows
protected"
|
Macromedia
|
attackers
|
"Password
|
physical
|
pressing
|
password
|
enabled
|
machine
|
Windows
|
Matrix"
|
screen
|
bypass
|
prompt
|
allows
|
option
|
access
|
saver
|
"The
|
ESC
|
Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape) key.
Buffer overflow in LCDproc allows remote attack
privileges
|
screen_add
|
attackers
|
overflow
|
command
|
LCDproc
|
allows
|
Buffer
|
remote
|
gain
|
root
|
via
|
Buffer overflow in LCDproc allows remote attackers to gain root privileges via the screen_add command.
screen and rxvt in Red Hat Linux 6.0 do not pro
properly
|
devices
|
screen
|
allows
|
which
|
write
|
other
|
local
|
users
|
Linux
|
modes
|
rxvt
|
ttys
|
Red
|
Hat
|
set
|
not
|
tty
|
screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.
Vulnerability in screen before 3.9.10, related
Vulnerability
|
before
|
screen
|
Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/.
Tiny Personal Firewall (TPF) 2.0.15, under cert
Firewall
|
Personal
|
Tiny
|
Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to hide activities or bypass access restrictions.
Buffer overflow in the Braille module for GNU s
overflow
|
Braille
|
screen
|
module
|
Buffer
|
GNU
|
Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.
Logitech iTouch keyboards allows attackers with
user-defined
|
attackers
|
keyboards
|
function
|
commands
|
physical
|
Logitech
|
assigned
|
locking
|
execute
|
button
|
access
|
allows
|
iTouch
|
bypass
|
screen
|
system
|
have
|
been
|
Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button.
Windows 2000 Terminal Services, when using the
Windows
|
Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges.
Sharp Zaurus PDA SL-5000D and SL-5500 uses a sa
screen-locking
|
Securityconf
|
password
|
SL-5000D
|
encrypt
|
methods
|
SL-5500
|
stored
|
easier
|
Zaurus
|
makes
|
which
|
local
|
users
|
force
|
Sharp
|
guess
|
brute
|
salt
|
uses
|
"A0"
|
file
|
via
|
PDA
|
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
The Novell Netware client running on Windows 95
arbitrary
|
launched
|
Windows
|
running
|
feature
|
Netware
|
bypass
|
screen
|
allows
|
client
|
Novell
|
"What
|
which
|
this"
|
login
|
users
|
files
|
local
|
open
|
help
|
via
|
can
|
The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.
The screen saver in MacOS X allows users with p
underlying
|
characters
|
triggering
|
physical
|
overflow
|
possibly
|
password
|
session
|
allows
|
number
|
buffer
|
screen
|
access
|
field
|
MacOS
|
crash
|
users
|
large
|
cause
|
saver
|
gain
|
via
|
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
Unknown vulnerability in Mac OS X before 10.3 a
vulnerability
|
Unknown
|
before
|
Mac
|
Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences.
The FTP client for Solaris 2.6, 7, and 8 with t
Solaris
|
client
|
debug
|
FTP
|
The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.
Weblogic.admin for BEA WebLogic Server and Expr
Weblogicadmin
|
WebLogic
|
Express
|
Server
|
BEA
|
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
Cross-site scripting (XSS) vulnerability in ins
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop allows remote attackers to inject arbitrary web script or HTML via the screen parameter.
Quartz Composer Screen Saver in Mac OS X 10.4.2
Composer
|
Screen
|
Quartz
|
Saver
|
Mac
|
Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required.
Cross-site scripting (XSS) vulnerability in php
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message.
** DISPUTED ** GNU screen 4.0.3 allows local u
DISPUTED
|
screen
|
GNU
|
** DISPUTED ** GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue.
Software vulnerabilities results 1 to 20 of 62
Page:
1
2
3
4
►