2262 matches found
CVE-2001-1514
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to 1 child processes created with and 2 child processes that call the CreateProcess function and are executed with or end with the CFX extension...
CVE-2001-1551
Linux kernel 2.2.19 enables CAPSYSRESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs...
CVE-1999-1564
FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service panic with a large number accesses of an NFS v3 mounted directory from a large number of processes...
PT-2001-2370 · Microsoft · Windows 2000
Name of the Vulnerable Software and Affected Versions: Windows 2000 Description: The issue concerns the Task Manager in Windows 2000, which does not allow local users to end certain processes via the Process tab. Specifically, processes with uppercase letters in their names, such as winlogon.exe,...
Microsoft Windows Server 2000 - Debug Registers
Microsoft Windows Server 2000 - Debug Registers // source: https://www.securityfocus.com/bid/2764/info A vulnerability exists in the handling of debug registers in Windows 2000. It is possible for unprivileged processes to create breakpoints for arbitrary processes. This can be used to 'kill'...
CVE-2000-1143
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system...
ml2 - Local users can Crash processes
ml2 - Local users can Crash processes include include include include error int mainint argc, char argv char foo1000; char bigmsg10000; char s, holds; int i = 0; memsetbigmsg, 'X', sizeofbigmsg-1; if argc \n", argv0; exit1; // fork; memsetfoo, 0, sizeoffoo; snprintffoo, sizeoffoo, "/proc/%s/stat"...
ml2 - Local users can Crash processes
include include include include error int mainint argc, char argv char foo1000; char bigmsg10000; char s, holds; int i = 0; memsetbigmsg, 'X', sizeofbigmsg-1; if argc \n", argv0; exit1; // fork; memsetfoo, 0, sizeoffoo; snprintffoo, sizeoffoo, "/proc/%s/stat", argv1; while accessfoo, FOK == 0 s =...
ManTrap 1.6.1 - Hidden Process Disclosure
ManTrap 1.6.1 - Hidden Process Disclosure // source: https://www.securityfocus.com/bid/1908/info ManTrap is a "honeypot" intrusion detection system designed to lure attackers into it for analysis. The honeypot is implemented as a chroot'ed Solaris environment, designed to look and feel real to an...
CVE-2000-0880
LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file...
CVE-2000-0251
HP-UX 11.04 VirtualVault VVOS sends data to unprivileged processes via an interface that has multiple aliased IP addresses...
CVE-2000-0251
HP-UX 11.04 VirtualVault (VVOS) is affected by CVE-2000-0251. The issue involves VVOS sending data to unprivileged processes via an interface that has multiple aliased IP addresses. This exposes sensitive data to unprivileged processes, with the documented impact indicating partial integrity comp...
CVE-1999-0187
...
CVE-1999-0226
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service...
CVE-1999-0992
HP VirtualVault with the PHSS17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy TGP...
SCO Unixware 7.07.0.17.17.1.1 - coredump Symlink
SCO Unixware 7.07.0.17.17.1.1 - coredump Symlink source: https://www.securityfocus.com/bid/851/info Under certain versions of SCO UnixWare if a user can force a program with SGID Set Group ID to dump core they may launch a symlink attack by guessing the PID Process ID of the SGID process which th...
ipop3d.4.xx.lockfile.DoS.txt
Date: Sun, 7 Mar 1999 01:41:25 +0100 From: Michal Zalewski Lockfile vunerability in ipop3d 4.xx The problem is probably well known, but silently ignored by pine vendors. Unfortunately, it's possible to turn 'mostly harmless feature' in something nasty - following code allows various DoSes by...
CVE-1999-0226
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service...
CVE-1999-0780
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file...
FreeBSD-SA-96:01.sliplogin
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-96:01 Security Advisory Revised: Wed May 22 00:18:51 PDT 1996 FreeBSD, Inc. Topic: sliplogin unauthorized access vulnerability Category: core Module: sliplogin Announced:...