7251 matches found
CVE-1999-1025
CDE screen lock program screenlock on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string...
CVE-1999-1400
The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked...
CVE-1999-1454
The vulnerability CVE-1999-1454 affects Macromedia The Matrix screen saver on Windows 95 when the Password protected option is enabled. The root cause is that pressing the Escape key can bypass the password prompt, allowing attackers with physical access to unlock the system. The NVD entry lists ...
CVE-1999-1370
The setup wizard ie5setup.exe for Internet Explorer 5.0 disables 1 the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and 2 the Task Scheduler Service, which might prevent the scheduled execution of...
CVE-1999-1370
The CVE-1999-1370 entry concerns the Internet Explorer 5.0 setup wizard (ie5setup.exe). The provided sources state that during unattended installation it disables the screen saver and the Task Scheduler Service, potentially allowing local access or disruption of security-critical program executio...
CVE-1999-1454
Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC Escape key...
SuSE Security Announcement: screen (SuSE-SA:2001:030)
-----BEGIN PGP SIGNED MESSAGE----- SuSE Security Announcement Package: screen Announcement-ID: SuSE-SA:2001:030 Date: Wednesday, September 5 2001 18:00 MEST Affected SuSE versions: 6.0, 6.1, 6.2 6.3, 6.4, 7.0, 7.1, 7.2 Vulnerability Type: local root compromise Severity 1-10: 5 SuSE default packag...
CVE-2001-1012
Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/...
IrDA semiremote vulnerability
---- Win2k semi-remote DoS via IrDA Synopsis: There exists a "semi-remote" vulnerability against Windows machines via the IrDA port. The result of exploiting this vulnerability is the computer will crash, displaying a "Blue Screen of Death" BSOD, shortly followed by rebooting. As IrDA ports are...
Identix BioLogon Client security bug
Aug 3rd, 2001 10:56am Vendor: http://www.identix.com Software: BioLogon 2.0 Client see http://www.identix.com/itsecurity/softwareprod.html Security flaw in Indentix BioLogon 2.0 Client for Windows Identix's BioLogon software is used as the software "glue" to tie together various biometric devices...
CVE-2000-0901
Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbellmsg initialization variable...
CVE-2000-0901
The vulnerability CVE-2000-0901 affects the screen program (versions 3.9.5 and earlier). It stems from a format string vulnerability in the vbell_msg initialization, enabling local users to gain root privileges. Exploitation details are not provided in the supplied documents, and a remediation/pa...
CVE-2000-0901
Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbellmsg initialization variable...
CVE-2000-0946
Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization...
CVE-2000-0467
Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function...
CVE-2000-0467
The CVE-2000-0467 entry documents a buffer overflow in Linux splitvt 1.6.3 and earlier, enabling local users to gain root privileges via a long password in the screen locking function. Affected component: splitvt (Linux). Root cause: buffer overflow in password handling within screen lock. Impact...
Microsoft Windows NT 4.0 - Invalid LPC Request Denial of Service (MS00-070)
source: https://www.securityfocus.com/bid/1743/info LPC Local Procedure Call is a message-passing service that allows threads and processes to communicate with each other on a local machine as opposed to RPC Remote Procedure Call that takes place between different hosts. The implementation of LPC...
FreeBSD-SA-00:46.screen
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:46 Security Advisory FreeBSD, Inc. Topic: screen port contains local root compromise Category: ports Module: screen Announced: 2000-09-13 Affects: Ports collection prior...
Screen 3.9.5 vulnerability again.
Hi all as mentioned in previous postings, screen versions = 3.9.5 which are installed suid root are vulnerable to a malformed user supplied vbellmsg string attack. I looked at the source of screen-3.9.5 and found that the vulnerable call to Msg moved to another place and that there is no longer a...
Screen-3.7.6 local compromise
Hi ppl, as mentioned in other postings the screen package is vulnerbale to the classic format string attack. I attached a simple exploit and as far as I could investigate on Suse 6.1 with screen 3.7.6: the vulnerable function is Msgint err, char fmt, ... which is invoked with the value of the...