startup software vulnerabilities
vulnerabilities.aspcode.net
Searching startup software vulnerabilities
Several startup scripts in SCO OpenServer Enter
Enterprise
|
OpenServer
|
vulnerable
|
S84rpcinit
|
including
|
allowing
|
Several
|
startup
|
scripts
|
symlink
|
access
|
attack
|
S89nfs
|
System
|
S95nis
|
S85tcp
|
local
|
gain
|
root
|
504p
|
user
|
SCO
|
Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, including S84rpcinit, S95nis, S85tcp, and S89nfs, are vulnerable to a symlink attack, allowing a local user to gain root access.
Control Panel "Password Security" option for Ap
inaccessible
|
aaaaaaaAPWD
|
Powerbooks
|
emergency
|
attackers
|
Security"
|
"Password
|
physical
|
password
|
normally
|
security
|
booting
|
startup
|
machine
|
Control
|
on/off
|
modify
|
option
|
toggle
|
editor
|
access
|
bypass
|
allows
|
Panel
|
which
|
Apple
|
using
|
disk
|
file
|
Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible.
The default configuration of SYSKEY in Windows
configuration
|
Windows
|
default
|
SYSKEY
|
The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker tor ecover it and use it to decrypt Encrypted File System (EFS) data.
The SuSE aaa_base package installs some system
directories
|
privileges
|
standard
|
accounts
|
creating
|
profiles
|
aaa_base
|
installs
|
package
|
scripts
|
startup
|
allows
|
system
|
those
|
users
|
local
|
which
|
user
|
such
|
some
|
/tmp
|
gain
|
home
|
SuSE
|
set
|
The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles.
inetd in Compaq Tru64 UNIX 5.1 allows attackers
attackers
|
service
|
allows
|
denial
|
Compaq
|
inetd
|
cause
|
Tru64
|
UNIX
|
inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of service (network connection loss) by causing one of the services handled by inetd to core dump during startup, which causes inetd to stop accepting connections to all of its services.
Microsoft SQL Server 2000 through SQL Server 20
Microsoft
|
Server
|
SQL
|
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
The (1) phrafx and (2) phgrafx-startup programs
The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.
OpenOffice (OOo) 1.1.2 creates predictable dire
OpenOffice
|
OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.
Internet Explorer in Windows XP SP2, and other
including
|
versions
|
Internet
|
Explorer
|
Windows
|
other
|
SP2
|
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Iptables before 1.2.11, under certain condition
Iptables
|
before
|
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.
The (1) SetDebugging and (2) RunEgatherer metho
The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder.
The startup script in packages/RedHat/ntop.init
packages/RedHat/ntopinit
|
insecurely
|
arbitrary
|
attackers
|
temporary
|
writable
|
ntopconf
|
creates
|
execute
|
besides
|
startup
|
before
|
allows
|
script
|
remote
|
users
|
files
|
which
|
code
|
root
|
ntop
|
The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code.
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, an
Netscape
|
Firefox
|
Mozilla
|
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
Insyde BIOS V190 does not clear the keyboard bu
administrators
|
keyboard
|
directly
|
password
|
physical
|
reading
|
startup
|
allows
|
memory
|
system
|
during
|
buffer
|
Insyde
|
local
|
users
|
clear
|
after
|
which
|
V190
|
BIOS
|
does
|
read
|
not
|
Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
AWARD Bios Modular 4.50pg does not clear the ke
administrators
|
password
|
keyboard
|
directly
|
physical
|
reading
|
startup
|
Modular
|
during
|
system
|
allows
|
buffer
|
memory
|
local
|
AWARD
|
users
|
450pg
|
after
|
clear
|
which
|
does
|
Bios
|
read
|
not
|
AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
BEA WebLogic Server and WebLogic Express 8.1 SP
information
|
sensitive
|
WebLogic
|
include
|
startup
|
command
|
Express
|
earlier
|
Server
|
might
|
which
|
line
|
Java
|
SP4
|
BEA
|
SP5
|
log
|
SP7
|
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used.
QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.loca
Neutrino
|
RTOS
|
QNX
|
QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup.
Absolute path traversal vulnerability in Easy F
vulnerability
|
traversal
|
Absolute
|
Sharing
|
File
|
path
|
Easy
|
Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder.
heartbeat.c in heartbeat before 2.0.6 sets inse
heartbeatc
|
heartbeat
|
before
|
heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.
WebRoot Spy Sweeper 4.5.9 and earlier allows lo
Sweeper
|
WebRoot
|
Spy
|
WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys.
Software vulnerabilities results 1 to 20 of 32
Page:
1
2
►