151 matches found
CVE-2016-5248
The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument...
Command injection
The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument...
CVE-2016-5248
The CVE-2016-5248 issue affects Lenovo Solution Center versions older than 3.3.003. The StopProxy command in LSC.Services.SystemService allows local users to terminate arbitrary processes via the PID argument, indicating a local privilege/availability impact. Lenovo advisory LEN-7814 confirms the...
Design/Logic Flaw
The processorsettasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges...
CVE-2015-5882
The processorsettasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges...
CVE-2014-3684
The tmadopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary...
CVE-2014-3684
The tmadopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary...
Design/Logic Flaw
The tmadopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary...
CVE-2014-3684
The tmadopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary...
Dell TrueMobile 1300 WLAN System 3.10.39 .0 Tray Applet Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9714/info It has been reported that a privilege escalation vulnerability exists in the Dell TrueMobile 1300 Wireless System Tray Applet. The issue is due to the software starting with SYSTEM privileges, to enable access t...
Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15671/info Microsoft Windows is prone to a local denial of service vulnerability. This issue can allow an attacker to trigger a system wide denial of service condition or terminate arbitrary processes. Reports indicate th...
MS Windows 2000 Debug Registers Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2764/info A vulnerability exists in the handling of debug registers in Windows 2000. It is possible for unprivileged processes to create breakpoints for arbitrary processes. This can be used to 'kill' arbitrary processes...
HP Data Protector Backup Client Service Remote Code Execution Exploit
Exploit for windows platform in category remote exploits require 'msf/core' class Metasploit3 'HP Data Protector Backup Client Service Remote Code Execution', 'Description' = %q This module abuses the Backup Client Service OmniInet.exe to achieve remote code execution. The vulnerability exists in...
CVE-2013-4277
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option...
AIX 5.2 TL 0 : ps (IZ11242)
An information leak exists in the 'bos.rte.control' fileset commands listed below. A local attacker may access sensitive information for arbitrary processes. The following commands are vulnerable : /usr/bin/ps. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the description was...
Command injection
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line...
Gentoo Security Advisory GLSA 201207-07 (keepalived)
The remote host is missing updates announced in advisory GLSA 201207-07. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Debian DSA-2376-2 : ipmitool - insecure PID file
It was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used too wide permissions PID file, which allows local users to kill arbitrary processes by writing to this file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
[SECURITY] [DSA 2376-2] ipmitool security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2376-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst December 31, 2011 http://www.debian.org/security/faq -...
DSA-2376-2 ipmitool - insecure pid file
Bulletin has no description...