system critical software vulnerabilities
vulnerabilities.aspcode.net
Searching system critical software vulnerabilities
The permissions for a system-critical NIS+ tabl
system-critical
|
permissions
|
table
|
NIS+
|
The permissions for a system-critical NIS+ table (e.g. passwd) are inappropriate.
The permissions for system-critical data in an
system-critical
|
inappropriate
|
overwritten
|
permissions
|
obtainable
|
executable
|
directory
|
writeable
|
anonymous
|
commands
|
password
|
example
|
account
|
world
|
such
|
data
|
"ls"
|
real
|
root
|
file
|
FTP
|
can
|
The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten.
NFS exports system-critical data to the world,
system-critical
|
password
|
exports
|
world
|
file
|
data
|
NFS
|
NFS exports system-critical data to the world, e.g. / or a password file.
A system-critical Unix file or directory has in
system-critical
|
inappropriate
|
permissions
|
directory
|
Unix
|
file
|
has
|
A system-critical Unix file or directory has inappropriate permissions.
A system-critical Windows NT file or directory
system-critical
|
inappropriate
|
permissions
|
directory
|
Windows
|
file
|
has
|
A system-critical Windows NT file or directory has inappropriate permissions.
A Windows NT system's file audit policy does no
security-critical
|
directories
|
system's
|
failure
|
Windows
|
success
|
policy
|
audit
|
event
|
files
|
file
|
does
|
not
|
log
|
A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories.
A Windows NT system's file audit policy does no
non-critical
|
directories
|
system's
|
failure
|
Windows
|
success
|
policy
|
audit
|
event
|
files
|
file
|
does
|
not
|
log
|
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
A Windows NT system's registry audit policy doe
security-critical
|
registry
|
system's
|
failure
|
success
|
Windows
|
policy
|
event
|
audit
|
does
|
keys
|
not
|
log
|
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
A Windows NT system's registry audit policy doe
non-critical
|
registry
|
system's
|
failure
|
success
|
Windows
|
policy
|
event
|
audit
|
does
|
keys
|
not
|
log
|
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
The HKEY_LOCAL_MACHINE key in a Windows NT syst
HKEY_LOCAL_MACHINE
|
system-critical
|
inappropriate
|
permissions
|
Windows
|
system
|
key
|
has
|
The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions.
The HKEY_CLASSES_ROOT key in a Windows NT syste
HKEY_CLASSES_ROOT
|
system-critical
|
inappropriate
|
permissions
|
Windows
|
system
|
key
|
has
|
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.
A WWW server is not running in a restricted fil
system-critical
|
restricted
|
allowing
|
through
|
running
|
server
|
access
|
chroot
|
system
|
data
|
file
|
thus
|
not
|
A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data.
A system-critical Windows NT registry key has i
system-critical
|
inappropriate
|
permissions
|
registry
|
Windows
|
key
|
has
|
A system-critical Windows NT registry key has inappropriate permissions.
A system-critical Windows NT registry key has a
system-critical
|
inappropriate
|
registry
|
Windows
|
value
|
key
|
has
|
A system-critical Windows NT registry key has an inappropriate value.
A system-critical program or library does not h
system-critical
|
appropriate
|
installed
|
outdated
|
obsolete
|
service
|
program
|
library
|
hotfix
|
patch
|
does
|
have
|
pack
|
not
|
A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete.
A system-critical program, library, or file has
system-critical
|
measurement
|
integrity
|
indicates
|
modified
|
checksum
|
library
|
program
|
other
|
been
|
file
|
has
|
A system-critical program, library, or file has a checksum or other integrity measurement that indicates that it has been modified.
avast! Antivirus 4.6.763 and earlier sets "BUIL
Antivirus
|
avast
|
avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files.
Trend Micro PC-cillin Internet Security 2006 14
PC-cillin
|
Internet
|
Security
|
Micro
|
Trend
|
Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe.
Trend Micro OfficeScan 5.5, and probably other
tmlistenexe
|
privileges
|
OfficeScan
|
modifying
|
insecure
|
critical
|
versions
|
probably
|
allows
|
SYSTEM
|
before
|
users
|
Trend
|
Micro
|
local
|
files
|
which
|
DACLs
|
other
|
gain
|
uses
|
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.
Unrestricted critical resource lock in Agnitum
Unrestricted
|
Firewall
|
resource
|
critical
|
Outpost
|
Agnitum
|
lock
|
PRO
|
Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex.
Software vulnerabilities results 1 to 20 of 1123
Page:
1
2
3
4
5
...
57
►