10 matches found
FreeBSD : Multiple browser frame injection vulnerability (641859e8-eca1-11d8-b913-000c41e2cdad)
A class of bugs affecting many web browsers in the same way was discovered. A Secunia advisory reports: The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a...
kdelibs4, rekonq -- input validation failure
KDE Security Advisory reports: The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. KSSL and Rekonq did not properly force their QLabels to use QLabel::PlainText. As a result, if given a...
KDM -- local privilege escalation vulnerability
KDE Security Advisory reports: KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. A local attacker with a valid local account can under certain circumstanc...
kdebase -- Kate backup file permission leak
A KDE Security Advisory explains: Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. Depending on the system security settings, backup files might be readable by othe...
[KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: Buffer overflow in fliccd of kdeedu/kstars/indi Original Release Date: 2005-02-15 URL: http://www.kde.org/info/security/advisory-20050215-1.txt 0. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0011 1. Systems...
[KDE security advisory] Multiple integer overflows in kpdf
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: kpdf integer overflows Original Release Date: 2004-10-21 URL: http://www.kde.org/info/security/advisory-20041021-1.txt 0. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888...
kdelibs -- konqueror cross-domain cookie injection
According to a KDE Security Advisory: WESTPOINT internet reconnaissance services alerted the KDE security team that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. Web sites operating under the affected domains can set HTTP...
kdelibs insecure temporary file handling
According to a KDE Security Advisory, KDE may sometimes create temporary files without properly checking the ownership and type of the target path. This could allow a local attacker to cause KDE applications to overwrite arbitrary files...
Mandrake Linux Security Advisory : kde (MDKSA-2003:004-1)
Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email addresses, and so forth; this da...
KDE Security Advisory: PS/PDF file handling vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: PS/PDF file handling vulnerability Original Release Date: 2003-04-09 URL: http://www.kde.org/info/security/advisory-20030409-1.txt 0. References http://bugs.kde.org/showbug.cgi?id=53157 http://bugs.kde.org/showbug.cgi?id=53343...