trojan software vulnerabilities
vulnerabilities.aspcode.net
Searching trojan software vulnerabilities
A hacker utility, back door, or Trojan Horse is
installed
|
Orifice
|
Rootkit
|
utility
|
hacker
|
system
|
Trojan
|
NetBus
|
Horse
|
back
|
door
|
etc
|
A hacker utility, back door, or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc.
serial_ports administrative program in IRIX 4.x
administrative
|
environmental
|
serial_ports
|
privileges
|
variable
|
execute
|
program
|
Trojan
|
allows
|
user's
|
trusts
|
horse
|
users
|
local
|
which
|
find
|
PATH
|
IRIX
|
gain
|
root
|
via
|
serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program.
The "AEDebug" registry key is installed with in
automatically
|
permissions
|
installed
|
"AEDebug"
|
executed
|
debugger
|
registry
|
insecure
|
specify
|
Trojan
|
modify
|
system
|
allows
|
crash
|
local
|
which
|
Horse
|
users
|
key
|
The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash.
ARCAD Systemhaus 0.078-5 installs critical prog
world-writeable
|
permissions
|
privileges
|
Systemhaus
|
replacing
|
programs
|
installs
|
critical
|
program
|
0078-5
|
Trojan
|
users
|
horse
|
which
|
files
|
ARCAD
|
could
|
local
|
allow
|
gain
|
ARCAD Systemhaus 0.078-5 installs critical programs and files with world-writeable permissions, which could allow local users to gain privileges by replacing a program with a Trojan horse.
The default configuration of Slackware 3.4, and
configuration
|
Slackware
|
versions
|
includes
|
possibly
|
default
|
other
|
The default configuration of Slackware 3.4, and possibly other versions, includes . (dot, the current directory) in the PATH environmental variable, which could allow local users to create Trojan horse programs that are inadvertently executed by other users.
abuse.console in Red Hat 2.1 uses relative path
abuseconsole
|
pathnames
|
arbitrary
|
commands
|
relative
|
program
|
execute
|
points
|
allows
|
Trojan
|
users
|
horse
|
local
|
undrv
|
which
|
path
|
uses
|
find
|
Red
|
Hat
|
via
|
abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program.
The Windows NT scheduler uses the drive mapping
interactive
|
privileges
|
currently
|
providing
|
scheduler
|
original
|
mapping
|
Windows
|
system
|
Trojan
|
logged
|
allows
|
place
|
batch
|
horse
|
which
|
drive
|
local
|
file
|
uses
|
gain
|
onto
|
user
|
The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.
VariCAD 7.0 is installed with world-writeable f
world-writeable
|
installed
|
programs
|
replace
|
VariCAD
|
program
|
Trojan
|
allows
|
horse
|
which
|
files
|
users
|
local
|
VariCAD 7.0 is installed with world-writeable files, which allows local users to replace the VariCAD programs with a Trojan horse program.
The FSserial, FlagShip_c, and FlagShip_p progra
world-writeable
|
FlagShip_p
|
FlagShip_c
|
installed
|
programs
|
FSserial
|
FlagShip
|
replace
|
package
|
Trojan
|
horses
|
allows
|
local
|
which
|
users
|
them
|
The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses.
OpenLDAP 1.2.11 and earlier improperly installs
OpenLDAP
|
OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.
Trustix installs the httpsd program for Apache-
world-writeable
|
permissions
|
Apache-SSL
|
installs
|
replace
|
Trustix
|
program
|
Trojan
|
httpsd
|
allows
|
horse
|
which
|
local
|
users
|
Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
dump in Red Hat Linux 6.2 trusts the pathname s
environmental
|
privileges
|
specified
|
modifying
|
variable
|
pathname
|
program
|
allows
|
trusts
|
obtain
|
Trojan
|
point
|
horse
|
users
|
which
|
Linux
|
local
|
dump
|
root
|
Red
|
RSH
|
Hat
|
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
rcvtty in BSD 3.0 and 4.0 does not properly dro
privileges
|
specifying
|
alternate
|
executing
|
attackers
|
properly
|
command
|
allows
|
rcvtty
|
script
|
Trojan
|
before
|
horse
|
which
|
local
|
does
|
line
|
gain
|
drop
|
not
|
BSD
|
rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.
restore 0.4b15 and earlier in Red Hat Linux 6.2
environmental
|
privileges
|
modifying
|
specified
|
pathname
|
variable
|
restore
|
earlier
|
program
|
allows
|
obtain
|
trusts
|
Trojan
|
04b15
|
horse
|
point
|
which
|
Linux
|
local
|
users
|
root
|
Hat
|
Red
|
RSH
|
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
The default configuration of McAfee VirusScan 4
configuration
|
"commonexe"
|
improperly
|
ImagePath
|
VirusScan
|
variable
|
program
|
default
|
search
|
allows
|
Trojan
|
McAfee
|
place
|
users
|
horse
|
quote
|
which
|
local
|
does
|
sets
|
path
|
not
|
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.
Gator ActiveX component (IEGator.dll) 3.0.6.1 a
component
|
ActiveX
|
Gator
|
Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites to install arbitrary software by specifying a Trojan Gator installation file (setup.ex_) in the src parameter.
PHPNetToolpack 0.1 relies on its environment's
PHPNetToolpack
|
environment's
|
traceroute
|
privileges
|
inserting
|
execute
|
program
|
search
|
relies
|
Trojan
|
users
|
horse
|
local
|
could
|
which
|
allow
|
PATH
|
into
|
gain
|
find
|
its
|
PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path.
header.php in ttCMS 2.3 and earlier allows remo
ttcms_user_admin
|
headerincphp
|
admin_root
|
headerphp
|
arbitrary
|
modifying
|
parameter
|
attackers
|
contains
|
earlier
|
setting
|
allows
|
script
|
Trojan
|
remote
|
inject
|
horse
|
ttCMS
|
point
|
code
|
"1"
|
URL
|
PHP
|
header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to "1" and modifying the admin_root parameter to point to a URL that contains a Trojan horse header.inc.php script.
verifiedexecioctl in verified_exec.c in NetBSD
verifiedexecioctl
|
verified_execc
|
NetBSD
|
verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs.
Untrusted search path vulnerability in unspecif
vulnerability
|
unspecified
|
components
|
LiveUpdate
|
Macintosh
|
Untrusted
|
Symantec
|
search
|
path
|
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
Software vulnerabilities results 1 to 20 of 46
Page:
1
2
3
►