524 matches found
CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...
Code injection
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...
CVE-2019-14744
The CVE-2019-14744 issue affects KDE Frameworks KConfig prior to 5.61.0, specifically libKF5ConfigCore.so, where mishandling of .desktop and .directory files enables code execution with minimal user interaction. The vulnerability stems from how KConfig processes shell commands in desktop/config f...
CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...
CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...
KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files
If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any ".desktop" or ".directory" file for a while. A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could...
CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...
UBUNTU-CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...
List of Open Source C2 Post-Exploitation Frameworks
PenTestIT RSS Feed This post has been lying in my drafts for more than a year with edits all over. But two days ago, it was announced that Powershell Empire would no longer be supported by it's authors. Hence just like I curated a list of adversary emulation tools, I finalized this list of open...
PT-2019-3475 · Kde +5 · Kde Frameworks Kconfig +5
Name of the Vulnerable Software and Affected Versions: KDE Frameworks KConfig versions prior to 5.61.0 Description: The issue relates to the mishandling of .desktop and .directory files by libKF5ConfigCore.so, allowing code execution with minimal user interaction. This can be achieved by includin...
Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools
Paging all digital forensicators, incident responders, and memory manager enthusiasts! Have you ever found yourself at a client site working around the clock to extract evil from a Windows 10 image? Have you hit the wall at step zero, running into difficulties viewing a process tree, or enumerati...
Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits
Organizations around the world are wondering how to become immune from cyber attacks which are evolving every day with more sophisticated attack vectors. IT teams are always on the lookout for new ransomware and exploit spreading in the wild, but can all these unforeseen cyber attacks be prevente...
Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits
Organizations around the world are wondering how to become immune from cyber attacks which are evolving every day with more sophisticated attack vectors. IT teams are always on the lookout for new ransomware and exploit spreading in the wild, but can all these unforeseen cyber attacks be prevente...
AndroidSecNotes
It is an offensive tool for Android. The repository contains learning notes about Android Security, specifically about the Android Runtime ART and its debugging tools. The notes cover the format of Dex files, the ART runtime, and the Hook framework. The notes mention the use of the "oatdump" tool...
June 11, 2019—KB4503293 (OS Build 18362.175)
June 11, 2019—KB4503293 OS Build 18362.175 Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Notes: This release also contains updates for Microsoft HoloLens OS Build 18362.1020 released June 11, 2019. Microsoft will release an update...
CVE-2019-11687
An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable headers for multiple operating systems,...
CVE-2019-11687
An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable headers for multiple operating systems,...
January 15, 2019—KB4480976 (OS Build 17134.556)
January 15, 2019—KB4480976 OS Build 17134.556 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue in Microsoft Edge that fails to trigger the focusin event if the focus even...
New Apache Web Server Bug Threatens Security of Shared Web Hosts
Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP Server software. The Apache web server is one of the most popular, widely used open-source web servers in...
February 12, 2019—KB4487023 (Monthly Rollup)
February 12, 2019—KB4487023 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4480974 released January 17, 2019 and addresses the following issues: Addresses an issue that may prevent applications that use a Microsoft Jet...