starting software vulnerabilities
vulnerabilities.aspcode.net
Searching starting software vulnerabilities
inetd in AIX 4.1.5 dynamically assigns a port N
inetd
|
AIX
|
inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers to cause a denial of service via a large number of connections to port N-1, which are not properly closed by inetd.
Xsession in Red Hat Linux 6.1 and earlier can a
anotherlevel
|
restricted
|
execution
|
accounts
|
Xsession
|
starting
|
earlier
|
bypass
|
allow
|
gnome
|
Linux
|
users
|
local
|
file
|
Hat
|
kdm
|
can
|
Red
|
kde
|
Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm.
ZAK in Appstation mode allows users to bypass t
applications
|
Appstation
|
starting
|
Explorer
|
allowed
|
policy
|
allows
|
Office
|
bypass
|
apps"
|
users
|
mode
|
"Run
|
only
|
ZAK
|
ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory, and changing the name to that for an allowed application, such as Winword.exe.
Emacs 20 does not properly set permissions for
communications
|
permissions
|
subprocess
|
starting
|
properly
|
between
|
modify
|
allows
|
device
|
which
|
slave
|
local
|
Emacs
|
users
|
read
|
does
|
PTY
|
set
|
new
|
not
|
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
NetOp School 1.5 allows local users to bypass a
administration
|
restrictions
|
starting
|
version
|
student
|
logging
|
closing
|
School
|
allows
|
bypass
|
access
|
users
|
local
|
NetOp
|
into
|
then
|
NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version.
Xircom REX 6000 allows local users to obtain th
Xircom
|
REX
|
Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN.
BEA WebLogic Server and WebLogic Express 7.0 th
restrictions
|
unauthorized
|
starting
|
stopping
|
security
|
Operator
|
WebLogic
|
enforce
|
through
|
service
|
servers
|
Express
|
denial
|
Server
|
allows
|
roles
|
cause
|
which
|
users
|
Admin
|
does
|
site
|
SP5
|
SP2
|
BEA
|
not
|
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly
fcronsighup
|
Fcron
|
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.
Unquoted Windows search path vulnerability in B
vulnerability
|
BitDefender
|
malicious
|
starting
|
Unquoted
|
creating
|
prevent
|
Windows
|
allows
|
search
|
users
|
local
|
path
|
Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process.
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 pass
JDeveloper
|
Oracle
|
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.
unix_random.c in lshd for lsh 2.0.1 leaks file
unix_randomc
|
lshd
|
lsh
|
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.
Eval injection vulnerability in the configure s
vulnerability
|
configure
|
injection
|
script
|
TWiki
|
Eval
|
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".
Use-after-free vulnerability in the Client/Serv
Use-after-free
|
Client/Server
|
vulnerability
|
Subsystem
|
Run-time
|
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
Header.pm in Net::DNS before 0.60, a Perl modul
Headerpm
|
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.
The Jedox Palo 1.5 client transmits the passwor
demonstrated
|
performing
|
cleartext
|
attackers
|
transmits
|
starting
|
sniffing
|
password
|
network
|
opening
|
plugin
|
Insert
|
client
|
remote
|
obtain
|
which
|
Jedox
|
allow
|
might
|
Excel
|
View
|
cube
|
Palo
|
The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View.
Software vulnerabilities results 1 to 16 of 16
Page:
1