Searching security critical software vulnerabilities


A system-critical NETBIOS/SMB share has inappropriate access control.


The permissions for a system-critical NIS+ table (e.g. passwd) are inappropriate.


NFS exports system-critical data to the world, e.g. / or a password file.


A system-critical Unix file or directory has inappropriate permissions.


A system-critical Windows NT file or directory has inappropriate permissions.


A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories.


A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.


A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.


A system-critical Windows NT registry key has inappropriate permissions.


The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs.


Buffer overflow in the find_default_type function in libsecure in NSA Security-enhanced Linux, which may allow attackers to modify critical data in memory.


Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls.


The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 build 1244, and probably previous versions, uses insecure default ACLs, which allows local users to cause a denial of service (disabled service) and gain system privileges by modifying or moving critical program files.


AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files.


Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe.


ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying ISNTSysMonitor.exe.


Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical."


The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.


Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.


contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter.


Software vulnerabilities results 1 to 20 of 630     