79 matches found
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users
A flaw was discovered in wildfly that would allow local users who are able to execute the init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/, allowing the init.d script to terminate any process as root...
systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash
It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges...
UBUNTU-CVE-2019-6454
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to...
UBUNTU-CVE-2018-12028
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates a...
MIMEDefang Elevation of Privilege Vulnerability
MIMEDefang is a high performance email filtering system. A security vulnerability exists in MIMEDefang 2.80 and earlier versions, which stems from the program creating a PID file after removing account privileges. A local attacker can exploit the vulnerability to terminate arbitrary processes...
ALPINE-CVE-2017-14159
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, ...
CVE-2016-5248
The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument...
ApPHP Hotel Site SQL Injection Vulnerability
ApPHP Hotel Site is a PHP-based hotel management solution from ApPHP USA. The program provides hotel management and online booking and other functions. A SQL injection vulnerability exists in ApPHP Hotel Site version 3.x.x. The vulnerability stems from the index.php script failing to adequately...
Windows Manage Memory Payload Injection
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require...
PT-2013-4945 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.11. Description: The issue allows local users to gain privileges via PID spoofing due to an incorrect namespace capability check in the scm_check_creds function. Recommendations: For versions prior to 3.11,...
Scientific Linux Security Update : dnsmasq on SL6.x i386/x86_64 (20130221)
It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of service via DNS...
Microsoft Windows - Manage Memory Payload Injection (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/exploit/exe' class...
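ZoneAlarm and Comodo Firewall Local Protection Mechanism Bypass Vulnerability
ZoneAlarm and Comodo are both very popular personal firewalls. A flaw exists in how the ZoneAlarm and Comodo firewalls implement the detection and management of processes; a local attacker may exploit this flaw to bypass detection...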
Multiple personal firewalls uncommon process identifier protection bypass
The two lower bits of the process identifier are not ignored in hooked OpenProcess functions, making it possible to access a protected application by using a process ID not divisible by 4...
DEBIAN-CVE-2005-0077
The DBI library libdbi-perl for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file...
security flaw
The DBI library libdbi-perl for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file...
PT-2003-2363
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 1.3.22 through 1.3.27. Description: The issue allows remote attackers to obtain sensitive information. This can be achieved via the ETag header, which reveals the inode number, or the multipart MIME boundary, which...
DEBIAN-CVE-2001-1534
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session IDs using predictable information including host IP address, system time and server process ID, which allows local users to obtain session IDs and bypass authentication when these session IDs are used for authentication...