Showing 1 - 4 of 4

Files from Dominik Penner

First Active	2019-06-21
Last Active	2019-08-05

KDE 4/5 KDesktopFile Command Injection: Posted Aug 5, 2019; Authored by Dominik Penner; KDE 4/5 is vulnerable to a command injection vulnerability in the KDesktopFile class. When a .desktop or .directory file is instantiated, it unsafely evaluates environment variables and shell expansions using KConfigPrivate::expandString() via the KConfigGroup::readEntry() function. Using a specially crafted .desktop file a remote user could be compromised by simply downloading and viewing the file in their file manager, or by drag and dropping a link of it into their documents or desktop. Versions 5.60.0 and below are affected.; tags | exploit, remote, shell; SHA-256 | b976357316212f652d1a32df71b0bd1aeac8e5a5a6fef96198aa227ed6d6f007; Download | Favorite | View

Axway SecureTransport 5 XML Injection: Posted Jul 23, 2019; Authored by Dominik Penner; Axway SecureTransport 5 suffers from an unauthenticated XML external entity injection vulnerability.; tags | exploit; SHA-256 | 7ae144683e44ae643e28c83da54fe27287daee7e50a92c55a6932e7a99323e09; Download | Favorite | View

EA Origin Template Injection Remote Code Execution: Posted Jul 1, 2019; Authored by Dominik Penner; EA Origin versions prior to 10.5.36 suffer from a remote code execution vulnerability via template injection leveraging cross site scripting.; tags | exploit, remote, code execution, xss; advisories | CVE-2019-11354; SHA-256 | af9879f10c02113c3080a33818943c5f3c89e87d4eba8a417c9abf033be8d53d; Download | Favorite | View

EA Origin Remote Code Execution: Posted Jun 21, 2019; Authored by Dominik Penner; EA Origin versions prior to 10.5.38 suffer from a remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2019-12828; SHA-256 | f0de366e5349b0d5f1a354e208bc594b56a06754395bb9d4404642b9aa5ddb7c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days