232 matches found
CVE-2022-32278
CVE-2022-32278 affects XFCE Exo (XFCE 4.16) where xdg-open can execute a .desktop file hosted on an attacker-controlled FTP server, enabling arbitrary code execution. Root cause: insecure handling of .desktop files in remote sources. Affected component: exo (XFCE library). Impact: remote code exe...
CVE-2022-32278
XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server...
Xfce Security Feature Issue Vulnerability
Xfce is a desktop environment for Unix and Unix-like operating systems such as Linux and FreeBSD, created by individual developer Olivier Fourdan. A security vulnerability exists in Xfce version 4.16: xdg-open can be exploited to execute a .desktop file on an FTP server under t...
FreeBSD : XFCE -- Allows executing malicious .desktop files pointing to remote code (55cff5d2-e95c-11ec-ae20-001999f8d30b)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 55cff5d2-e95c-11ec-ae20-001999f8d30b advisory. - XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on ...
XFCE -- Allows executing malicious .desktop files pointing to remote code
XFCE Project reports: Prevent executing possibly malicious .desktop files from online sources ftp://, http:// etc...
PT-2022-3524 · Exo +4
Name of the Vulnerable Software and Affected Versions: XFCE version 4.16 Description: The issue allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. This is related to errors in security settings in the exo application libra...
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
An unpatched stored cross-site scripting (XSS) security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found. The bug was found to affect Pling-based markets by researchers at Positive Security, including AppImage Hub, Gnome-Look, K...
Kali Linux 2021.1 - Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2021.1. This release has various impressive updates. The summary of the changelog since the 2020.4 release from November 2020 is: Xfce 4.16 - Our preferred and current default desktop environment has been updated and tweaked; KDE 5.20 - Plasma also...
Kali Linux 2019.4 Release - Penetration Testing and Ethical Hacking Linux Distribution
We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4. 2019.4 includes some exciting new updates: A new default desktop environment, Xfce; New GTK3 theme for Gnome and Xfce; Introduction of “Kali Undercover” mode; Kali Documentation has a new home and is now G...
Latest Kali Linux OS Added Windows-Style Undercover Theme for Hackers
You can relate to this: While working on my laptop, I usually prefer sitting at a corner in the room from where no one should be able to easily stare at my screen, and if you're a hacker, you must have more reasons to be paranoid. Let's go undercover: If you're in love with the Kali Linux operating...
CVE-2009-4642
gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended...
Whonix v15 - Anonymous Operating System
Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP. Whonix consists of two parts: One...
SUSE SLED12 Security Update : libreoffice (SUSE-SU-2018:2485-2)
This update for libreoffice to 6.0.5.2 fixes the following issues : Security issues fixed : CVE-2018-10583: An information disclosure vulnerability occurs during automatic processing and initiating an SMB connection embedded in a malicious file, as demonstrated by...
CVE-2018-18398
Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method...
DEBIAN-CVE-2018-18398
Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method...
Design/Logic Flaw
Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method...
UBUNTU-CVE-2018-18398
Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method...