Shell command and Emacs Lisp injection in emacsclient-mail.desktop

Published: Jun 8 2023

Shell command injection and Emacs Lisp injection vulnerabilities in one of the Emacs Desktop Entry (emacsclient-mail.desktop) leading to arbitrary code execution through a crafted mailto: URI.

MIME-type spoofing in Firefox/Thunderbird and file managers

Published: Mar 7 2023

An interesting spoofing attack resulting from the interaction between Firefox (or Thunderbird) MIME types handling and file managers.

Code execution through MIME-type association of Mono interpreter

Published: Feb 28 2023

A dangerous file type association in Debian which could be used to trigger arbitrary code execution.

Argument and shell command injections in browser invocation

Published: May 28 2018

I found an argument injection vulnerability related to the handling of the BROWSER environment variable in sensible-browser. This lead me (and others) to a a few other argument and shell command injection vulnerabilities in BROWSER processing and browser invocation in general.

Page 1 of 1 | Previous page | Next page | JSON Feed | Atom Feed