25 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-6842
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for...
📄 Desktop XDG 1.0 Code Execution
This proof of concept generates a malicious file that allows for arbitrary code execution in Desktop XDG version 1.0. ============================================================================================================================================= | Title : Desktop XDG v1.0 Malicious...
EUVD-2023-31711
Malicious code in bioql PyPI...
Autostart Desktop Item Persistence
This module will create an autostart .desktop entry to execute a payload. The payload will be executed when the users logs in. Verified on Ubuntu 22.04 desktop with Gnome, and 18.04.3. The following payloads were used in testing: - cmd/unix/reversenetcat - linux/x64/meterpreter/reversetcp -...
Linux Distros Unpatched Vulnerability : CVE-2023-27985
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of complian...
📄 Malicious XDG Desktop File
This Metasploit module creates a malicious XDG Desktop .desktop file. On most modern systems, desktop files are not trusted by default. The user will receive a warning prompt that the file is not trusted when running the file, but may choose to run the file anyway. The default file manager...
Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2023-134)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-134 advisory. emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry...
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
...
Shell Command Injection
emacs is vulnerable to Shell Command Injection. An attacker can inject and execute malicious code through the crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification...
SUSE CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
CVE-2023-27985
A flaw was found in the Emacs text editor. When opened with emacsclient-mail.desktop, a crafted mailto URI can result in shell command injection due to lack of compliance with the Desktop Entry Specification...
DEBIAN-CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
AZL-25581 CVE-2023-27985 affecting package emacs for versions less than 28.2-4
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
Command injection
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
UBUNTU-CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
CVE-2023-27985
CVE-2023-27985 affects Emacs up to version 28.2, specifically emacsclient-mail.desktop, where a crafted mailto: URI enables shell command injections due to Desktop Entry Specification noncompliance. The issue is documented as fixed in Emacs 29.0.90. Affected products/versions inferred from multip...
CVE-2023-27985
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...