what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files from KDE Desktop

Email addresssecurity at kde.org
First Active2003-09-18
Last Active2007-03-28
KDE Security Advisory 2007-03-26.1
Posted Mar 28, 2007
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The KDE FTP ioslave parses the host address in the PASV response of a FTP server response. mark from bindshell.net pointed out that this could be exploited via JavaScript for automated port scanning. It was not possible to demonstrate the vulnerability via JavaScript with Konqueror from KDE 3.5.x. However, other scenarios are possible. Systems affected are KDE up to and including KDE version 3.5.6.

tags | advisory, javascript
advisories | CVE-2007-1564
SHA-256 | 11a8b2185f26494437aee4a5b794dd9dfc7df3072b51c8db1a96b3d190915204
KDE Security Advisory 2007-01-15.1
Posted Jan 20, 2007
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause denial of service (infinite loop) via a PDF file that contains a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.

tags | advisory, denial of service
advisories | CVE-2007-0104
SHA-256 | 42812a15864105269027b14064b13deb20beeca385431654ec9eb079ccaf20c4
KDE Security Advisory 2007-01-09.1
Posted Jan 13, 2007
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - On 2006-12-27, a proof of concept for arbitrary code execution in ksirc was published by Federico L. Bossi Bonin. The published exploit triggers an assertion in ksirc and results in a a NULL pointer dereference (crash) for non-debug builds.

tags | advisory, arbitrary, code execution, proof of concept
advisories | CVE-2006-6811
SHA-256 | bbe226f8526b19cff802b45793648da93e38d02f08a6eb41783cd101bf62423d
KDE Security Advisory 2006-12-04.1
Posted Dec 6, 2006
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The OLE import filter, which is used in KPresenter to open Microsoft Powerpoint files is vulnerable to an integer overflow problem that can be exploited to expose an heap memory overflow. This issue was reported by Kees Cook from Ubuntu security. KOffice versions 1.4.x and 1.6.0 are affected.

tags | advisory, overflow
systems | linux, ubuntu
advisories | CVE-2006-6120
SHA-256 | 5e616116d126762e0386e401b5ffeb2270a95ffca025fe458d9dd87fc7b1f07b
KDE Security Advisory 2006-06-14.1
Posted Jun 21, 2006
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - KDM allows the user to select the session type for login. This setting is permanently stored in the user home directory. By using a symlink attack, KDM can be tricked into allowing the user to read file content that would otherwise be unreadable to this particular user. This vulnerability was discovered and reported by Ludwig Nussel. Affected is KDM as shipped with KDE 3.2.0 up to including 3.5.3. KDE 3.1.x and older and newer versions than KDE 3.5.3 are not affected.

tags | advisory
advisories | CVE-2006-2449
SHA-256 | 493de7dce7242b287dcc692387f2a132843559e38ab67417468d28a46688fab2
KDE Security Advisory 2006-02-02.1
Posted Feb 4, 2006
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2006-0301
SHA-256 | 1f20afd94b18f6fc594be62838d3e05a81cc8ec24978c70320608b5cd0e814d8
KDE Security Advisory 2005-12-07.1
Posted Dec 14, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains multiple integer overflow vulnerabilities that allow specially crafted pdf files, when opened, to overflow a heap allocated buffer and execute arbitrary code. Systems affected are KDE 3.2.0 up to and including KDE 3.5.0 and KOffice 1.3.0 up to and including KOffice 1.4.2.

tags | advisory, overflow, arbitrary, vulnerability
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193
SHA-256 | 0cee893dafaf137d0d32568c4d2e63ba6261d97c0a2ff9d758266004c900237b
KDE Security Advisory 2005-10-11.1
Posted Oct 12, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Chris Evans reported a heap based buffer overflow in the RTF importer of KWord. Opening specially crafted RTF files in KWord can cause execution of arbitrary code. Affected are all KOffice releases starting from KOffice 1.2.0 up to and including KOffice 1.4.1.

tags | advisory, overflow, arbitrary
advisories | CVE-2005-2971
SHA-256 | d4ff9986f62282d33972361b743f867876d6b8bc485e2d9d18a63c4368ccba80
KDE Security Advisory 2005-09-05.1
Posted Sep 7, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Ilja van Sprundel from suresec.org notified the KDE security team about a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access. In order for an exploit to succeed, the directory /var/lock has to be writeable for a user that is allowed to invoke kcheckpass. Affected are all KDE releases starting from KDE 3.2.0 up to including KDE 3.4.2.

tags | advisory, root
advisories | CVE-2005-2494
SHA-256 | e4126780e1718411fc8d987b510d320c1017a094f233983191e32430a74092d1
KDE Security Advisory 2005-08-09.1
Posted Aug 11, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that causes it to write a file in $TMPDIR with almost infinite size, which can severly impact system performance. Systems affected are KDE 3.3.1 up to and including KDE 3.4.1.

tags | advisory
advisories | CVE-2005-2097
SHA-256 | 2be88a931bccf813356cdff44b2770b38780fa147899f88ce3aa27638c7b3866
KDE Security Advisory 2005-07-21.1
Posted Jul 22, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Kopete contains a copy of libgadu that is used if no compatible version is installed in the system. Several input validation errors have been reported in libgadu that can lead to integer overflows and remote DoS or arbitrary code execution. All versions of Kopete as included in KDE 3.3.x up to including 3.4.1 are affected. KDE 3.2.x and older are not affected.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2005-1852
SHA-256 | 027346c8598e574fe798a52a6591511bfa26e78e5c41c50df090371a163a0bde
KDE Security Advisory 2005-07-18.1
Posted Jul 19, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. Depending on the system security settings, backup files might be readable by other users. All maintained versions of Kate and Kwrite as shipped with KDE 3.2.x up to including 3.4.0. KDE 3.1.x and older and KDE 3.4.1 and newer are not affected.

tags | advisory
advisories | CVE-2005-1920
SHA-256 | 4d95c4fecfc491d82b51de3f8a19f89ae29adc0d27944b76e89e62661e35a65d
KDE Security Advisory 2005-04-21.1
Posted Jun 1, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2005-1046
SHA-256 | 541b770d166d535ed31873d7fc040185169e96ce83b2851ceec63ccf5120c5fe
KDE Security Advisory 2005-04-20.1
Posted Jun 1, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2005-0754
SHA-256 | 15c0b15e1f97fffefbb19b6f2354efaea247f2f23d0219684a0be903991619c5
KDE Security Advisory 2005-03-16.1
Posted Mar 22, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol (DCOP) daemon better known as dcopserver. Systems affected: All KDE version prior to KDE 3.4 on systems where multiple users have access.

tags | advisory, denial of service, local, protocol
systems | linux, suse
advisories | CVE-2005-0396
SHA-256 | 4f12cb84df4ea525e8d75fed62c1760952046451f23e18cde30ede4ba590c810
KDE Security Advisory 2005-02-15.1
Posted Feb 25, 2005
Authored by KDE Desktop | Site cve.mitre.org

KDE Security Advisory: The fliccd binary, when installed suid root, is susceptible to various stack overflows that allow for privilege escalation.

tags | advisory, overflow, root
SHA-256 | 53f9d6c926d6c422e9bb5f1534c99d3014efb5c7eeb48ef4e09227b1bc874c15
KDE Security Advisory 2005-01-19.1
Posted Jan 25, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.

tags | advisory, overflow
advisories | CVE-2005-0064
SHA-256 | 6b15ccf0b7bec83aa5472d69ac47e0982d0440956056b53788eaaf87744463e3
KDE Security Advisory 2005-01-01.1
Posted Jan 5, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: KDE applications which use the ftp kioslave, e.g. Konqueror, allow remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline ( %0a ) before the ftp command, which causes the commands to be inserted into the resulting FTP session. Due to similarities between the ftp and the SMTP protocol, this vulnerability allows to misuse the ftp slave to connect to a SMTP server and issue arbitrary commands, like sending an email. Systems affected: All KDE releases up to including KDE 3.3.2.

tags | advisory, remote, arbitrary, protocol
advisories | CVE-2004-1165
SHA-256 | 4429ce691dd6dfc1eb15fafba3e0a37e86e5eae8b2d37f239250facce7ba3781
KDE Security Advisory 2004-12-23.1
Posted Dec 31, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.

tags | advisory, overflow
advisories | CVE-2004-1125
SHA-256 | 34a96e4ccfc6bc38f130061fe7d69adb1d54fb95e91f6eb8ea657e2605e23145
KDE Security Advisory 2004-12-20.1
Posted Dec 30, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Two flaws in the Konqueror webbrowser make it possible to by pass the sandbox environment which is used to run Java-applets. One flaw allows access to restricted Java classes via JavaScript, making it possible to escalate the privileges of the Java-applet. The other problem is that Konqueror fails to correctly restrict access to certain Java classes from the Java-applet itself. All versions of KDE up to KDE 3.3.1 inclusive. KDE 3.3.2 is not affected.

tags | advisory, javascript
advisories | CVE-2004-1145
SHA-256 | 2ed5ada9061438c8f6796da3847fe6c906ed5e2cd6dc24c94bc73b1a1b3d2856
KDE Security Advisory 2004-12-13.1
Posted Dec 30, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: The Konqueror web browser allows websites to load web pages into a window or tab currently used by another website. This vulnerability is similar to the Konqueror Frame Injection Vulnerability reported on 2004-08-11 but the solution offered as part of that advisory did not cover the window case. All versions of KDE up to KDE 3.3.2 inclusive.

tags | advisory, web
advisories | CVE-2004-1158
SHA-256 | bd90944bc6fea53957f0d736a631e5f342fff46772ca4a399b462dae49e662f3
KDE Security Advisory 2004-08-23.1
Posted Aug 24, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - Konqueror suffers from a Cross-Domain Cookie Injection vulnerability.

tags | advisory
advisories | CVE-2004-0746
SHA-256 | b677033eae041feccfc0d629be666a7a4a676bbb34a2b617d81f358a7e7b56b9
KDE Security Advisory 2004-08-11.3
Posted Aug 12, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The Konqueror webbrowser allows websites to load webpages into a frame of any other frame-based webpage that the user may have open. A malicious website could abuse Konqueror to insert its own frames into the page of an otherwise trusted website. As a result the user may unknowingly send confidential information intended for the trusted website to the malicious website.

tags | advisory
advisories | CVE-2004-0721
SHA-256 | b7ff3009fd3623b629ad1c23d4c939e8d8d86da8e264bc838bb07aa33d69cf78
KDE Security Advisory 2004-08-11.2
Posted Aug 12, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The Debian project was alerted that KDE's DCOPServer creates temporary files in an insecure manner. Since the temporary files are used for authentication related purposes this can potentially allow a local attacker to compromise the account of any user which runs a KDE application. Affected are version KDE 3.2.x up to KDE 3.2.3 inclusive.

tags | advisory, local
systems | linux, debian
advisories | CVE-2004-0690
SHA-256 | 650cf7c1856dd61b02738370add6ac1637635e590a07b095095cc7e81d599a31
KDE Security Advisory 2004-08-11.1
Posted Aug 12, 2004
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The SUSE security team was alerted that in some cases the integrity of symlinks used by KDE are not ensured and that these symlinks can be pointing to stale locations. This can be abused by a local attacker to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (Denial of Service). All versions of KDE up to KDE 3.2.3 inclusive.

tags | advisory, denial of service, arbitrary, local
systems | linux, suse
advisories | CVE-2004-0689
SHA-256 | ca4d4d4bce4848177851839010191e887247b3048ad18fc61311b63b0761a215
Page 1 of 2
Back12Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close