Twenty Year Anniversary
Showing 1 - 25 of 27 RSS Feed

Files from KDE Desktop

Email addresssecurity at kde.org
First Active2003-09-18
Last Active2007-03-28
KDE Security Advisory 2007-03-26.1
Posted Mar 28, 2007
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The KDE FTP ioslave parses the host address in the PASV response of a FTP server response. mark from bindshell.net pointed out that this could be exploited via JavaScript for automated port scanning. It was not possible to demonstrate the vulnerability via JavaScript with Konqueror from KDE 3.5.x. However, other scenarios are possible. Systems affected are KDE up to and including KDE version 3.5.6.

tags | advisory, javascript
advisories | CVE-2007-1564
MD5 | e41d0dae2db60f0e276e0faac260dac9
KDE Security Advisory 2007-01-15.1
Posted Jan 20, 2007
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause denial of service (infinite loop) via a PDF file that contains a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.

tags | advisory, denial of service
advisories | CVE-2007-0104
MD5 | 95c0d517b8844c6347f9d9e5a09bbab7
KDE Security Advisory 2007-01-09.1
Posted Jan 13, 2007
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - On 2006-12-27, a proof of concept for arbitrary code execution in ksirc was published by Federico L. Bossi Bonin. The published exploit triggers an assertion in ksirc and results in a a NULL pointer dereference (crash) for non-debug builds.

tags | advisory, arbitrary, code execution, proof of concept
advisories | CVE-2006-6811
MD5 | 73ea504d4316742e96a7fb34d2963443
KDE Security Advisory 2006-12-04.1
Posted Dec 6, 2006
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The OLE import filter, which is used in KPresenter to open Microsoft Powerpoint files is vulnerable to an integer overflow problem that can be exploited to expose an heap memory overflow. This issue was reported by Kees Cook from Ubuntu security. KOffice versions 1.4.x and 1.6.0 are affected.

tags | advisory, overflow
systems | linux, ubuntu
advisories | CVE-2006-6120
MD5 | c18e632bb7ac947a47aa6c2371282695
KDE Security Advisory 2006-06-14.1
Posted Jun 21, 2006
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - KDM allows the user to select the session type for login. This setting is permanently stored in the user home directory. By using a symlink attack, KDM can be tricked into allowing the user to read file content that would otherwise be unreadable to this particular user. This vulnerability was discovered and reported by Ludwig Nussel. Affected is KDM as shipped with KDE 3.2.0 up to including 3.5.3. KDE 3.1.x and older and newer versions than KDE 3.5.3 are not affected.

tags | advisory
advisories | CVE-2006-2449
MD5 | 49bc86edbf7af81808abb7af3ac8b2a9
KDE Security Advisory 2006-02-02.1
Posted Feb 4, 2006
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2006-0301
MD5 | d998d67b34231936e4c00b7ed9c44fb8
KDE Security Advisory 2005-12-07.1
Posted Dec 14, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains multiple integer overflow vulnerabilities that allow specially crafted pdf files, when opened, to overflow a heap allocated buffer and execute arbitrary code. Systems affected are KDE 3.2.0 up to and including KDE 3.5.0 and KOffice 1.3.0 up to and including KOffice 1.4.2.

tags | advisory, overflow, arbitrary, vulnerability
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193
MD5 | 70bc3128815f61c9d3e67b94207ac5d0
KDE Security Advisory 2005-10-11.1
Posted Oct 12, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Chris Evans reported a heap based buffer overflow in the RTF importer of KWord. Opening specially crafted RTF files in KWord can cause execution of arbitrary code. Affected are all KOffice releases starting from KOffice 1.2.0 up to and including KOffice 1.4.1.

tags | advisory, overflow, arbitrary
advisories | CVE-2005-2971
MD5 | d886f746eff49f671e481888b9e41830
KDE Security Advisory 2005-09-05.1
Posted Sep 7, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Ilja van Sprundel from suresec.org notified the KDE security team about a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access. In order for an exploit to succeed, the directory /var/lock has to be writeable for a user that is allowed to invoke kcheckpass. Affected are all KDE releases starting from KDE 3.2.0 up to including KDE 3.4.2.

tags | advisory, root
advisories | CVE-2005-2494
MD5 | 2f799c86d5359108883fcca9799ce9c4
KDE Security Advisory 2005-08-09.1
Posted Aug 11, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that causes it to write a file in $TMPDIR with almost infinite size, which can severly impact system performance. Systems affected are KDE 3.3.1 up to and including KDE 3.4.1.

tags | advisory
advisories | CVE-2005-2097
MD5 | db0cea06359148279659c10397cce515
KDE Security Advisory 2005-07-21.1
Posted Jul 22, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Kopete contains a copy of libgadu that is used if no compatible version is installed in the system. Several input validation errors have been reported in libgadu that can lead to integer overflows and remote DoS or arbitrary code execution. All versions of Kopete as included in KDE 3.3.x up to including 3.4.1 are affected. KDE 3.2.x and older are not affected.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2005-1852
MD5 | 6501bb5db4bff1d0c1010613d599b16c
KDE Security Advisory 2005-07-18.1
Posted Jul 19, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. Depending on the system security settings, backup files might be readable by other users. All maintained versions of Kate and Kwrite as shipped with KDE 3.2.x up to including 3.4.0. KDE 3.1.x and older and KDE 3.4.1 and newer are not affected.

tags | advisory
advisories | CVE-2005-1920
MD5 | f7346e280ce9a768445fd5983b052faf
KDE Security Advisory 2005-04-21.1
Posted Jun 1, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2005-1046
MD5 | 7bb96ff48b232106a11fc4577e281669
KDE Security Advisory 2005-04-20.1
Posted Jun 1, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2005-0754
MD5 | abf1b939e8330ae965e85355160a55e7
KDE Security Advisory 2005-03-16.1
Posted Mar 22, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol (DCOP) daemon better known as dcopserver. Systems affected: All KDE version prior to KDE 3.4 on systems where multiple users have access.

tags | advisory, denial of service, local, protocol
systems | linux, suse
advisories | CVE-2005-0396
MD5 | 306be3b111f82a63bcc81f34ca6e27d9
KDE Security Advisory 2005-02-15.1
Posted Feb 25, 2005
Authored by KDE Desktop | Site cve.mitre.org

KDE Security Advisory: The fliccd binary, when installed suid root, is susceptible to various stack overflows that allow for privilege escalation.

tags | advisory, overflow, root
MD5 | a87caaad34957e1b96ca131acf1569e1
KDE Security Advisory 2005-01-19.1
Posted Jan 25, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.

tags | advisory, overflow
advisories | CVE-2005-0064
MD5 | b7b4f16ff682f16cd939540fa0a3c192
KDE Security Advisory 2005-01-01.1
Posted Jan 5, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: KDE applications which use the ftp kioslave, e.g. Konqueror, allow remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline ( %0a ) before the ftp command, which causes the commands to be inserted into the resulting FTP session. Due to similarities between the ftp and the SMTP protocol, this vulnerability allows to misuse the ftp slave to connect to a SMTP server and issue arbitrary commands, like sending an email. Systems affected: All KDE releases up to including KDE 3.3.2.

tags | advisory, remote, arbitrary, protocol
advisories | CVE-2004-1165
MD5 | 3af2dd0e12572e297f77d9a3106813fb
KDE Security Advisory 2004-12-23.1
Posted Dec 31, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.

tags | advisory, overflow
advisories | CVE-2004-1125
MD5 | 4cc8f052407c343665cb29f837bd73a6
KDE Security Advisory 2004-12-20.1
Posted Dec 30, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Two flaws in the Konqueror webbrowser make it possible to by pass the sandbox environment which is used to run Java-applets. One flaw allows access to restricted Java classes via JavaScript, making it possible to escalate the privileges of the Java-applet. The other problem is that Konqueror fails to correctly restrict access to certain Java classes from the Java-applet itself. All versions of KDE up to KDE 3.3.1 inclusive. KDE 3.3.2 is not affected.

tags | advisory, javascript
advisories | CVE-2004-1145
MD5 | 06097183c8b1a9e1d053061955ca4e44
KDE Security Advisory 2004-12-13.1
Posted Dec 30, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: The Konqueror web browser allows websites to load web pages into a window or tab currently used by another website. This vulnerability is similar to the Konqueror Frame Injection Vulnerability reported on 2004-08-11 but the solution offered as part of that advisory did not cover the window case. All versions of KDE up to KDE 3.3.2 inclusive.

tags | advisory, web
advisories | CVE-2004-1158
MD5 | aedf90d9742b949b828604cd0432a405
KDE Security Advisory 2004-08-23.1
Posted Aug 24, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - Konqueror suffers from a Cross-Domain Cookie Injection vulnerability.

tags | advisory
advisories | CVE-2004-0746
MD5 | 20dd8cfea48eed3ff3a2e76f30cc6985
KDE Security Advisory 2004-08-11.3
Posted Aug 12, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The Konqueror webbrowser allows websites to load webpages into a frame of any other frame-based webpage that the user may have open. A malicious website could abuse Konqueror to insert its own frames into the page of an otherwise trusted website. As a result the user may unknowingly send confidential information intended for the trusted website to the malicious website.

tags | advisory
advisories | CVE-2004-0721
MD5 | ebdde55dbc6bfb05aac19e72f83bee1c
KDE Security Advisory 2004-08-11.2
Posted Aug 12, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The Debian project was alerted that KDE's DCOPServer creates temporary files in an insecure manner. Since the temporary files are used for authentication related purposes this can potentially allow a local attacker to compromise the account of any user which runs a KDE application. Affected are version KDE 3.2.x up to KDE 3.2.3 inclusive.

tags | advisory, local
systems | linux, debian
advisories | CVE-2004-0690
MD5 | 586cb120613346465749ca546dd7eed2
KDE Security Advisory 2004-08-11.1
Posted Aug 12, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The SUSE security team was alerted that in some cases the integrity of symlinks used by KDE are not ensured and that these symlinks can be pointing to stale locations. This can be abused by a local attacker to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (Denial of Service). All versions of KDE up to KDE 3.2.3 inclusive.

tags | advisory, denial of service, arbitrary, local
systems | linux, suse
advisories | CVE-2004-0689
MD5 | 5e936e04e596ff5e7b7f27abebeb6c7e
Page 1 of 2
Back12Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    7 Files
  • 21
    Apr 21st
    10 Files
  • 22
    Apr 22nd
    2 Files
  • 23
    Apr 23rd
    17 Files
  • 24
    Apr 24th
    13 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close