Searching sys timer create software vulnerabilities

Vulnerability in Monitor utility (SYS$SHARE:SPI

Vulnerability | utility | Monitor |

Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 through 5.4-2 allows local users to gain privileges.


The timer implementation in QNX RTOS 6.1.0 allo

implementation | timer | RTOS | QNX |

The timer implementation in QNX RTOS 6.1.0 allows local users to cause a denial of service (hang) and possibly execute arbitrary code by creating multiple timers with a 1-ms tick.


NFS Server (XNFS.NLM) for Novell NetWare 6.5 do

Server | NFS |

NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host.


Rule Set Based Access Control (RSBAC) 1.2.2 thr

Control | Access | Based | Rule | Set |

Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges.


Multiple syscalls in the compat subsystem for N

subsystem | syscalls | Multiple | service | denial | before | NetBSD | compat | cause | allow | local | users |

Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions.


Multiple SQL injection vulnerabilities in Layto

vulnerabilities | injection | Multiple | HelpBox | Layton | SQL |

Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3) the table parameter in export_data.asp, (4) the sys_analgroup parameter in manageanalgrouppreference.asp, (5) the sys_asset_id parameter in quickinfoassetrequests.asp, (6) the sys_eusername parameter in quickinfoenduserrequests.asp, and the sys_request_id parameter in (7) requestauditlog.asp, (8) requestcommentsenduser.asp, (9) selectrequestapplytemplate.asp, and (10) selectrequestlink.asp, resulting in an ability to create a new HelpBox user account and read, modify, or delete data from the backend database.


Multiple TCP implementations with Protection Ag

implementations | Protection | Sequence | Multiple | Numbers | Wrapped | Against | TCP |

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.


Integer overflow in sys_epoll_wait in eventpoll

sys_epoll_wait | eventpollc | overflow | Integer | kernel | Linux |

Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.


The DBMS_Scheduler in Oracle 10g allows remote

DBMS_Scheduler | SESSION_USER | additional | privileges | attackers | changing | CREATE | allows | remote | Oracle | user | gain | SYS | 10g | JOB |

The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.


The sys_set_mempolicy function in mempolicy.c i

sys_set_mempolicy | mempolicyc | function | service | allows | denial | kernel | cause | users | Linux | local | 26x |

The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument.


The manual installation of Oracle HTML DB (HTML

installation | Oracle | manual | HTML |

The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges.


Race condition in ip_vs_conn_flush in Linux 2.6

ip_vs_conn_flush | condition | before | Linux | Race |

Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.


A locking problem in POSIX timer cleanup handli

handling | cleanup | problem | locking | kernel | Linux | timer | POSIX | exit |

A locking problem in POSIX timer cleanup handling on exit in Linux kernel 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause a denial of service (deadlock) involving process CPU timers.


Oracle Database 8i, 9i, and 10g allow remote au

AUTH_ALTER_SESSION | authentication | authenticated | Transparent | privileged | statements | Substrate | attribute | including | arbitrary | Database | accounts | modified | logging | Network | context | execute | Oracle | create | bypass | remote | phase | audit | users | allow | user | 10g | SQL | via | new | SYS |

Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB18 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0265.


Race condition in run_posix_cpu_timers in Linux

run_posix_cpu_timers | condition | kernel | before | Linux | Race |

Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting.


Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird

Firefox | Mozilla | before |

Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption.


Ubuntu Linux 6.10 for the PowerPC (PPC) allows

Ubuntu | Linux |

Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed.


The isdn_ppp_ccp_reset_alloc_state function in

isdn_ppp_ccp_reset_alloc_state | drivers/isdn/isdn_pppc | init_timer | 2434-rc4 | function | unknown | vectors | results | kernel | system | before | attack | state | timer | which | Linux | crash | reset | does | call | ISDN | PPP | not | has | CCP |

The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash.


Mozilla Firefox does not properly manage a dela

confirmation | confirming | execution | attackers | properly | Firefox | Mozilla | dialogs | "dialog | refocus | remote | action | unsafe | manage | users | timer | delay | might | which | trick | allow | bug" | does | file | used | into | such | aka | not |

Mozilla Firefox does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, aka the "dialog refocus bug."


Unspecified vulnerability in (1) SYS$EI1000.EXE

vulnerability | Unspecified |

Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment."


Software vulnerabilities results 1 to 20 of 421     
Page: 12345...22