/dev/posts/

Arbitrary code execution through kitty-open.desktop file association

In the Debian kitty package, the kitty-open.desktop file associated kitty +open with several MIME types. This could be used to trigger arbitrary code execution by serving a file with such a MIME type.

This was introduced in kitty in 73a197fcd (2022-02-06), released as part of v0.24.3. It was fixed in v0.26.5-5 of the Debian kitty package, and fixed upstream in 537cabca7, released in v0.29.0. Other distributions such as Ubuntu Lunar are still impacted.

Shell command and Emacs Lisp injection in emacsclient-mail.desktop

Shell command injection and Emacs Lisp injection vulnerabilities in one of the Emacs Desktop Entry files (emacsclient-mail.desktop), leading to arbitrary code execution through a crafted mailto: URI.

Arbitrary file write in Stellarium file association

I found an arbitrary file write vulnerability (through path traversal) which would be exploited for arbitrary code execution in Stellarium (desktop version).

MIME-type spoofing in Firefox/Thunderbird and file managers

An interesting spoofing attack resulting from the interaction between Firefox (or Thunderbird) MIME type handling and file managers.

Code execution through MIME-type association of Mono interpreter

A dangerous file type association in Debian which could be used to trigger arbitrary code execution.

OAuth 2.x and OpenID Connect sequence diagrams

Some sequence diagrams about OAuth 2.x and OpenID Connect.

Entering in Podman containers

Some commands for interacting with the namespaces of Podman containers.

Impact of the different Wifi security modes

Comparing the different Wifi/WPA authentication and key distribution methods (PSK, EAP, SAE).

Browser-based attacks on WebDriver implementations

Some context and analysis about attacks on WebDriver implementations.

Lack of X.509 TLS certificate validation in OWASP ZAP

Lack of X.509 TLS certificate validation in OWASP ZAP (Zed Attack Proxy) could be used for man-in-the-middle attacks.
