exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 69 RSS Feed

Files

KDELibs 4.3.3 Remote Array Overrun
Posted Nov 20, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

KDE KDELibs version 4.3.3 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2009-0689
SHA-256 | 6f52b93fb01923395e9e086f5499f4f495580fa36af7131b1bed3d92eb179b44

Related Files

Red Hat Security Advisory 2020-2833-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2833-01 - The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-14744
SHA-256 | cfe2f776112741a228438beaae6abbb11c05570959579901ea81fc916f2d8906
Red Hat Security Advisory 2019-2606-01
Posted Sep 3, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2606-01 - The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-14744
SHA-256 | 02b63b8a2f7fb8a8aad16a025ce384a5871d50f08e63d4bc9589b940af7f2df9
Slackware Security Advisory - kdelibs Updates
Posted Aug 8, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kdelibs packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-14744
SHA-256 | 04bdc9d7b65ab63d35b69b934b1ca950c4ad2e98b980fef98a3dc3026cbb85ce
Red Hat Security Advisory 2019-2141-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2141-01 - The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. The kde-workspace packages consist of components providing the KDE graphical desktop environment. A sanitization issue was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-6790
SHA-256 | 23a8ac403fdc51ded6ffe0efef04d5be57f068bc7ae59ac40c6b7da3f9b60104
Gentoo Linux Security Advisory 201706-29
Posted Jun 27, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-29 - A vulnerability in KAuth and KDELibs allows local users to gain root privileges. Versions less than 5.29.0-r1 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-8422
SHA-256 | a6514831f6193a3f2e7d37397a2b49bbba61c57093e95e6c2e2f5f26c55d9602
Red Hat Security Advisory 2017-1264-01
Posted May 22, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1264-01 - The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Security Fix: A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application.

tags | advisory, local, root, spoof
systems | linux, redhat
advisories | CVE-2017-8422
SHA-256 | 55b5ec56d5fdf924706e71ec4e094f503df4e61144152b03ddfde919983c2a85
Slackware Security Advisory - kdelibs Updates
Posted May 17, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kdelibs packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-8422
SHA-256 | e3d0280e7fe50b6079f3099a89014076b13b7fc7c1d0fb595e3667c25d2a70d6
Red Hat Security Advisory 2014-1359-01
Posted Oct 6, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1359-01 - Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent, which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2014-5033
SHA-256 | 0fee47ca432cafc7ca8247b552b997a272c16bd14b4202c52afa29007073c237
Secunia Security Advisory 51375
Posted Nov 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for kdelibs4. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, suse
SHA-256 | d9eab274cb0523fff48c2902fd983b2caeb7bad193efe9689cd81ed273e34fd5
Secunia Security Advisory 51145
Posted Oct 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for kdelibs. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | 3945bcc7b1916024c53e6a43b335fd80972b6f29cc98268ff7df0ca10ef63ef8
Red Hat Security Advisory 2012-1416-01
Posted Oct 30, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1416-01 - The kdelibs packages provide libraries for the K Desktop Environment. Konqueror is a web browser. A heap-based buffer overflow flaw was found in the way the CSS parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application using kdelibs to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A heap-based buffer over-read flaw was found in the way kdelibs calculated canvas dimensions for large images. A web page containing malicious content could cause an application using kdelibs to crash or disclose portions of its memory.

tags | advisory, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-4512, CVE-2012-4513
SHA-256 | 101cacfd82c7dac3ea6d3f99a4197eed000e0c42051e56aed16c17208f1c73a8
Red Hat Security Advisory 2012-1418-01
Posted Oct 30, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1418-01 - The kdelibs packages provide libraries for the K Desktop Environment. Konqueror is a web browser. A heap-based buffer overflow flaw was found in the way the CSS parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application using kdelibs to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A heap-based buffer over-read flaw was found in the way kdelibs calculated canvas dimensions for large images. A web page containing malicious content could cause an application using kdelibs to crash or disclose portions of its memory.

tags | advisory, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-4512, CVE-2012-4513
SHA-256 | 6582863cde9c49a0e0bc85184224c6048197a56271a1b5c82822fe8778621d7f
Mandriva Linux Security Advisory 2011-162
Posted Nov 1, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-162 - KDE KSSL in kdelibs does not properly handle a NUL character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. The updated packages have been patched to correct these issues.

tags | advisory, web, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2009-2408, CVE-2009-2702, CVE-2011-3365
SHA-256 | 0b381d0e6a6306be9feffb69a83c5e196277a065e827c68c9a869e6303be4f3d
Red Hat Security Advisory 2011-1385-01
Posted Oct 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1385-01 - The kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment. An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2011-3365
SHA-256 | 93d3a041d26b448ebf9aa48719ed1b488137fda9ab4c9f89b9db8e97b49be46d
Secunia Security Advisory 46439
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for kdelibs4. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, suse
SHA-256 | 37add28fa6e3b3598a7a02d8150deb82c20b2edbf03953e01ffa5be872db4cd6
Secunia Security Advisory 46383
Posted Oct 12, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, redhat
SHA-256 | 195b42dade2a6732c1bb59bc63deab3cc79046248d39055517332690c64d1edd
Red Hat Security Advisory 2011-1364-01
Posted Oct 12, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1364-01 - The kdelibs packages provide libraries for the K Desktop Environment. An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2011-3365
SHA-256 | 42d57e16e44097171470596df1e3290bdb422e02da5b6b0fb5d50caa9a857888
Secunia Security Advisory 44586
Posted May 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for kdelibs4. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, suse
SHA-256 | 90cc409c5ef126317e1f62329dc56c6756d533da537d3422512b64590d9d8df9
Secunia Security Advisory 44270
Posted Apr 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, fedora
SHA-256 | 20e6dbe2a72a3186e2d760ab7cef14a29dd2f5e85c7f7a65207a15ae2d15a86f
Secunia Security Advisory 44330
Posted Apr 22, 2011
Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

SHA-256 | bdf9f6db17533145a059a4db67c851b5bd43a369fe47aa60caa8f32ed520d387
Secunia Security Advisory 44330
Posted Apr 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, redhat
SHA-256 | bdf9f6db17533145a059a4db67c851b5bd43a369fe47aa60caa8f32ed520d387
Mandriva Linux Security Advisory 2011-071
Posted Apr 8, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-071 - kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. Additionally it was discovered that kdelibs4 for 2009.0 was using an old private copy of the ca-bundle.crt file containing the root CA certs, this has now been resolved so that it uses the system wide and up to date /etc/pki/tls/certs/ca-bundle.crt file last updated with the MDVSA-2011:068 advisory.

tags | advisory, arbitrary, root, spoof
systems | linux, mandriva
advisories | CVE-2011-1094
SHA-256 | ca74073a54bdf3fa6ed44368aeb87bf7fa79b29e76ea5a6dff0258a6cfd9f7fd
Secunia Security Advisory 38624
Posted Feb 24, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
systems | linux, debian
SHA-256 | 3c7df3eeddeee9e5723713910d8b429b94a45ebc5528e6cb463823a79bc69310
Mandriva Linux Security Advisory 2010-028
Posted Jan 27, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-028 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \\'\\0\\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof
systems | linux, netbsd, freebsd, openbsd, mandriva
advisories | CVE-2009-2702, CVE-2009-2537, CVE-2009-0689
SHA-256 | bcbed668507255178c552af90eaf168b462be20aa49012dc6e3325cff54e5b26
Mandriva Linux Security Advisory 2010-027
Posted Jan 27, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-027 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \\'\\0\\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer. WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit (aka Qt toolkit), and possibly other products does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers. WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof, javascript
systems | linux, netbsd, windows, freebsd, openbsd, apple, osx, mandriva, iphone
advisories | CVE-2009-2702, CVE-2009-1687, CVE-2009-1725, CVE-2009-1690, CVE-2009-1698, CVE-2009-2537, CVE-2009-0689, CVE-2009-0945
SHA-256 | 701ad2e7099f449e19e82471a31b95691ff8ff843d3d5029da766636d5585359
Page 1 of 3
Back123Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close