473 matches found
CVE-2018-10739
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe allows local users to bypass intended process protections, and consequently terminate process, because WMSYSCOMMAND is not properly considered...
Design/Logic Flaw
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe allows local users to bypass intended process protections, and consequently terminate process, because WMSYSCOMMAND is not properly considered...
CVE-2017-10271 Used to Deliver CryptoMiners: An Overview of Techniques Used Post-Exploitation and Pre-Mining
Introduction FireEye researchers recently observed threat actors abusing CVE-2017-10271 to deliver various cryptocurrency miners. CVE-2017-10271 is a known input validation vulnerability that exists in the WebLogic Server Security Service WLS Security in Oracle WebLogic Server versions 12.2.1.2.0...
Damon database suffers from an override modification process vulnerability (CNVD-2018-03645)
DM7 is a new-generation database product designed by Damon on the basis of summarizing the R&D and application experience of DM series products, absorbing the advantages of mainstream database products, and adopting JAVA-like virtual machine technology. DM7 database has the loophole of oversteppi...
Kannel Arbitrary Process Termination Vulnerability
Kannel is an open source WAP and SMS gateway from the Kannel team. A security vulnerability exists in Kannel 1.5.0 and earlier versions, which stems from a program that creates a PID file after downgrading an account to a non-root account. A local attacker can exploit the vulnerability to termina...
CVE-2016-3104
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service memory consumption and process termination by leveraging in-memory database representation when authenticating against a non-existent database...
CVE-2017-13649
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command. NOTE: t...
CVE-2017-11746
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...
DEBIAN-CVE-2017-11747
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a...
CVE-2016-3104
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service memory consumption and process termination by leveraging in-memory database representation when authenticating against a non-existent database...
CVE-2016-3104
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service memory consumption and process termination by leveraging in-memory database representation when authenticating against a non-existent database...
CVE-2016-3104
Removed by vendor...
Linux Kernel (Ubuntu 14.04 LTS) SIGIO Signal
Title: Linux Kernel Ubuntu 14.04 LTS - Send a SIGIO Signal to process + Credits / Discovery: Nassim Asrir + Author Email: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: CVE-2017-7319 Vulnerable Version: =================== Kernel:...
CVE-2017-3879
A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to...
CVE-2016-8344
An issue was discovered in Honeywell Experion Process Knowledge System PKS platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a...
CVE-2016-8344
CVE-2016-8344 affects Honeywell Experion PKS (Release 3xx and prior; 400, 410, 430, 431) where input is not properly validated. A specially crafted packet could cause the process to terminate, and a successful exploit would prevent firmware uploads to Series-C devices. Exploitation is listed as r...
Linux - Multi/Dual mode execve("/bin/sh", NULL, 0) Shellcode (37 bytes)
Linux - Multi/Dual mode execve"/bin/sh", NULL, 0 Shellcode 37 bytes. Shellcode exploit for Linux platform / Copyright © 2017 Odzhan. All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:...
LEN-7814 Lenovo Solution Center Arbitrary Process Termination or Code Execution by Unprivileged Local Users - Lenovo Support MY
No description provided...
CVE-2016-3638
SAP SLD Registration Program aka SLDREG allows local users to cause a denial of service memory corruption and process termination via a crafted HOST parameter, aka SAP Security Note 2125623...
CVE-2016-3638
SAP SLD Registration Program (SLDREG) is the affected component. The issue enables a local attacker to cause a denial of service via a crafted HOST parameter, due to memory corruption and process termination. The root cause is the handling of the HOST parameter within SLDREG. The impact is a loca...