152 matches found
K15904: Multiple third-party application-server vulnerabilities
Security Advisory Description CVE-2003-1418 Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). CVE-2004-2320 The...
CVE-2021-46787
The AMS module has a vulnerability of improper permission control. Successful exploitation of this vulnerability may cause non-system application processes to crash...
CVE-2021-46787
Summary: CVE-2021-46787 affects the AMS module of Huawei/HarmonyOS, where an improper permission control could let non-system processes crash. The vulnerability is documented across multiple feeds (including OSV Ubuntu, CNVD, CNNVD, and Nessus plugins) with consistent description of the AMS modul...
CVE-2021-46787
The AMS module has a vulnerability of improper permission control. Successful exploitation of this vulnerability may cause non-system application processes to crash...
HUAWEI HarmonyOS Privilege Control Error Vulnerability
HUAWEI HarmonyOS is an operating system from the Chinese company Huawei (HUAWEI). It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the HUAWEI HarmonyOS system application, which stems from an improper privilege control vulnerability...
Huawei Smartphone out-of-bounds read vulnerability
Huawei Smartphone is a cell phone product launched by Huawei. Huawei Smartphone is vulnerable to an out-of-bounds read vulnerability in Huawei HarmonyOS, which is an all-scenario distributed operating system for the Internet of Everything. The vulnerability stems from an out-of-bounds read...
Improper access control
A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0,...
CVE-2021-21737
A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0,...
Authentication flaw
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. Thi...
CVE-2016-3889
Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a pre-setup stage, aka...
Design/Logic Flaw
Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a pre-setup stage, aka...
Android Mediaserver Privilege Mobilization Vulnerability (CNVD-2016-02846)
Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance (OHA), of which Mediaserver is a multimedia service component. A privilege escalation vulnerability exists in Android's Mediaserver, which can be exploited by a local attacker with the help of a malicious...
Android Recovery Procedure Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA), of which Recovery Procedure is one of the recovery process modules. An elevation of privilege vulnerability exists in Android's Recovery Procedure. A local attacker could exploit...
Sun Java System Application Server 8.1 / 8.2 DoS
The version of Sun Java System Application Server installed on the remote host is affected by an unspecified vulnerability related to the CORBA ORB subcomponent that could allow a remote attacker to cause a loss of availability. (C) Tenable Network Security, Inc. include("compat.inc"); if (description)...
Sun/Oracle GlassFish Server Authenticated Code Execution
No description provided by source. $Id: glassfishdeployer.rb 13485 2011-08-04 17:36:01Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Sun Java System Application Server 7.0/8.0 - Remote Installation Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10424/info It is reported that Java System Application Server is prone to a remote installation path disclosure vulnerability. This issue is due to a failure of the application to properly filter user requests. Successful...
Microsoft Office Word Viewer Remote Code Execution Vulnerabilities (2949660)
This host is missing a critical security update according to Microsoft Bulletin MS14-017. OpenVAS Vulnerability Test $Id: gbmswordviewms14-017.nasl 7000 2017-08-24 11:51:46Z teissa $ Microsoft Office Word Viewer Remote Code Execution Vulnerabilities 2949660 Authors: Antu Sanadi Copyright: Copyrig...
Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
This host is missing a critical security update according to Microsoft Bulletin MS14-013. OpenVAS Vulnerability Test $Id: gbms14-013.nasl 6715 2017-07-13 09:57:40Z teissa $ Microsoft DirectShow Remote Code Execution Vulnerability 2929961 Authors: Veerendra GG Copyright: Copyright (C) 2014 Greenbone...
Sun/Oracle GlassFish Server Authenticated Code Execution
This module logs in to a GlassFish Server Open Source or Commercial using various methods such as authentication bypass, default credentials, or user-supplied login, and deploys a malicious war file in order to get remote code execution. It has been tested on Glassfish 2.x, 3.0, 4.0 and Sun Java...
MS Office Compatibility Pack Remote Code Execution Vulnerabilities (2885084)
This host is missing an important security update according to Microsoft Bulletin MS13-086. OpenVAS Vulnerability Test $Id: secpodmscompatpackms13-086.nasl 6104 2017-05-11 09:03:48Z teissa $ MS Office Compatibility Pack Remote Code Execution Vulnerabilities 2885084 Authors: Antu Sanadi Copyright:...