13 matches found
PT-2026-28284
Name of the Vulnerable Software and Affected Versions: Small HTTP Server version 3.06.36. Description: The issue involves an unquoted service path in Small HTTP Server. Specifically, the vulnerability affects the executable located at 'C:Program Files x86shttps mghttp.exe service'. This...
SUSE CVE-2003-0740
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen, which allows local users to hijack the Stunnel server...
SUSE CVE-2008-1142
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that th...
SUSE CVE-2019-9896
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable...
CVE-2021-25381
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P (9.0) and below, and 12.1.1.3 in Android Q (10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent...
CVE-2021-25373
Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O (8.x), 2.4.03.0 in Android P (9.0), 2.7.02.1 in Android Q (10.0) and 2.9.01.1 in Android R (11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent...
CVE-2015-7543
CVE-2015-7543 affects aRts 1.5.10 and kdelibs3 3.5.10 and earlier. The issue stems from insecure creation of temporary directories, allowing a local attacker to hijack IPC by pre-creating the temporary directory. Several advisories note this vulnerability and provide patches/remediations: SUSE-SU...
Input validation
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another...
CVE-2013-2776
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another...
sudo: bypass of tty_tickets constraints
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard...
openssh may set DISPLAY even if it's unable to listen on respective port
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 IPv4 and sniffing a cookie sent by Emacs...
CVE-2003-0740
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen, which allows local users to hijack the Stunnel server...
DEBIAN-CVE-2003-0740
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen, which allows local users to hijack the Stunnel server...