Searching shell lock software vulnerabilities


CDE screen lock program (screenlock) on Solaris


CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to log in with any string.


Solaris Solstice AdminSuite (AdminSuite) 2.1 an


Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges.


shell-lock in Cactus Software Shell Lock allows


shell-lock in Cactus Software Shell Lock allows local users to read or modify decoded shell files before they are executed, via a symlink attack on a temporary file.


POP2 or POP3 server (pop3d) in imap-uw IMAP pac


POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.


qpopper POP server creates lock files with pred


qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.


Buffer overflow in portmir for AIX 4.3.0 allows


Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt lock files and gain root privileges via the echo_error routine.


MDaemon Pro 3.5.1 and earlier allows local user


MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key.


kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows


kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.


Beck GmbH IPC@Chip TelnetD service supports onl


Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service.


IBM AIX 430 does not properly unlock IPPMTU_LOC


IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets.


dump 0.4 b10 through b29 allows local users to


dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.


FTGate and FTGate Pro 1.05 lock user mailboxes


FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users.


Buffer overflow in gds_lock_mgr of Interbase Datab


Buffer overflow in gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).


The address parser code in Postfix 1.1.12 and e


The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.


Firefox before 1.0.1 and Mozilla before 1.7.6 a


Firefox before 1.0.1 and Mozilla before 1.7.6 allow remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.


NetLeaf Limited NotJustBrowsing 1.0.3 stores th


NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges.


kcheckpass in KDE 3.2.0 up to 3.4.2 allows loca


kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.


Usermin before 1.220 (20060629) allows remote a


Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.


Apache Derby before 10.2.1.6 does not determine


Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.


The Distributed Lock Manager (DLM) in the clust


The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service.


Software vulnerabilities results 1 to 20 of 407     