2867 matches found
Ubuntu 16.04 LTS / 18.04 LTS : KConfig and KDE libraries vulnerabilities (USN-4100-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4100-1 advisory. It was discovered that KConfig and KDE libraries have a vulnerability where an attacker could hide malicious code under desktop and...
Truegaze - Static Analysis Tool For Android/iOS Apps Focusing On Security Issues Outside The Source Code
A static analysis tool for Android and iOS applications focusing on security issues outside the source code such as resource strings, third party libraries and configuration files. Requirements: Python 3 is required and you can find all required modules in the requirements.txt file. Only tested on...
Local File Disclosure via Word Export in Confluence Server - CVE-2019-3394
Confluence Server and Data Center had a local file disclosure vulnerability in the page export function. A remote attacker who has Add Page space permission would be able to read arbitrary files in the /confluence/WEB-INF/ directory and its subdirectories, which may contain configuration files...
CVE-2019-1211
An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user. To exploit the vulnerability, an authenticated attacker would ne...
Privilege escalation
An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files, aka 'Git for Visual Studio Elevation of Privilege Vulnerability'...
Git for Visual Studio Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user. To exploit the vulnerability, an authenticated attacker would ne...
CVE-2019-14744
A flaw was found in the KDE Frameworks KConfig prior to version 5.61.0. Certain syntax commands were allowed in .desktop, .directory, and configuration files to allow flexible configurations with the desktop environment. An attacker could add malicious code to a file that a user would...
KDE Frameworks KConfig Execution Command Vulnerability
KDE Frameworks is a collection of technical base libraries and software frameworks for KDE applications from the KDE community. KConfig is one of its high-level configuration systems, mainly used to manage configurations in KDE Frameworks and generate configuration files. A security...
CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...
Code injection
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...
KDE Frameworks -- malicious .desktop files execute code
The KDE Community has released a security announcement: The syntax Key[$e]=$(shell command) in .desktop files, .directory files, and configuration files typically found in ~/.config was an intentional feature of KConfig, to allow flexible configuration. This could however be abused by malicious people...
CVE-2017-18452
cPanel before 64.0.21 allows code execution via Rails configuration files SEC-259...
CVE-2017-18452
CVE-2017-18452 affects cPanel before 64.0.21. The vulnerability allows code execution via Rails configuration files (SEC-259). Connected documents corroborate the issue across multiple sources (Red Hat, CNVD, NVD, CVE records). No additional exploit details, affected component versions beyond the...
BSA-2019-842
Security Advisory ID: BSA-2019-842. Component: OpenSSL. Revision: 1.0: Initial. OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is...
Arbitrary File Read Vulnerability in Ctcms v2.0.2
Ctcms video system is a video management system developed in PHP + MySQL. Ctcms v2.0.2 has an arbitrary file read vulnerability. An attacker can use this vulnerability to read critical system configuration files...