17 matches found
CVE-2026-62294
Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...
CVE-2026-62294
Flameshot prior to 14.0.0 is affected by a local TOCTOU race in the Open With feature. The software wrote screenshots to a predictable temporary path and followed symlinks, enabling a local unprivileged user on the same machine to pre-plant a symlink and cause Flameshot to write PNG data through ...
EUVD-2026-44675
Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...
CVE-2026-62294 Flameshot: OCTOU symlink attack via predictable /tmp path in Flameshot "Open With"
Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...
Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor
Impact A code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A...
CVE-2026-43943 electerm: RCE via malicious SSH server filename in openFileWithEditor
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system edito...
CVE-2026-43943 electerm: RCE via malicious SSH server filename in openFileWithEditor
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system edito...
PT-2026-39629
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.15 Description A symbolic-link path traversal issue exists in the pgAdmin 4 File Manager. The check access permission function utilized os.path.abspath, which resolves parent directory references '..' but fails to...
CVE-2023-53167
CVE-2023-53167: In the Linux kernel, tracing_err_log_open() can dereference file->private_data if opened with write permissions and then lseek is used, causing a kernel panic via mutex_lock -> seq_lseek. A fix was applied to tracing: Fix null pointer dereference in tracing_err_log_open() fo...
June 25, 2024—KB5039299 (OS Build 19045.4598) Preview
None None...
Security update for xawtv (moderate)
openSUSE Security Update: Security update for xawtv Announcement ID: openSUSE-SU-2020:0787-1 Rating: moderate References: 1171655 Cross-References: CVE-2020-13696 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This update for...
Microsoft Windows: Turn off access to the Store
This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association. When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to...
Firefox 3.5.3 - Local Download Manager Temp File Creation
No description provided by source. / getunique.c AKA Mozilla Firefox 3.5.3 Local Download Manager Exploit Jeremy Brown [email protected] // jbrownsec.blogspot.com // krakowlabs.com 10.28.2009 When downloading files through Firefox and choosing the Open with option, Firefox will create a...
Firefox 3.5.3 local download manager temp file creation
No description provided by source. / getunique.c AKA Mozilla Firefox 3.5.3 Local Download Manager Exploit Jeremy Brown [email protected] // jbrownsec.blogspot.com // krakowlabs.com 10.28.2009 When downloading files through Firefox and choosing the "Open with" option, Firefox will create a...
Mozilla Firefox 3.5.3 - Local Download Manager Temp File Creation
/ getunique.c AKA Mozilla Firefox 3.5.3 Local Download Manager Exploit Jeremy Brown [email protected] // jbrownsec.blogspot.com // krakowlabs.com 10.28.2009 When downloading files through Firefox and choosing the "Open with" option, Firefox will create a temporary file in the form of RANDOM.pa...
Mozilla Firefox 3.5.3 - Local Download Manager Temp File Creation
Mozilla Firefox 3.5.3 - Local Download Manager Temp File Creation / getunique.c AKA Mozilla Firefox 3.5.3 Local Download Manager Exploit Jeremy Brown [email protected] // jbrownsec.blogspot.com // krakowlabs.com 10.28.2009 When downloading files through Firefox and choosing the "Open with"...
Firefox 3.5.3 local download manager temp file creation
Exploit for unknown platform in category local exploits ======================================================= Firefox 3.5.3 local download manager temp file creation ======================================================= Title: Firefox 3.5.3 local download manager temp file creation CVE-ID:...