8/4/2023

Pling store

This specific unpatched vulnerability in Linux Pling stems from the manner in which the store’s product listings page parses HTML or embedded media fields, potentially allowing an attacker to inject malicious JavaScript code that could result in arbitrary code execution.

The concerning fact is that this unpatched vulnerability in Linux Pling can allow for a supply-chain attack XSS worm in which a JavaScript payload could be exploited by an adversary to upload versions of software that contain trojans and also to tweak the metadata of a victim’s listing in order to include and propagate the attack code.

As the application can install other applications, it has another built-in mechanism to execute code on the level. As it turns out, that mechanism can be exploited by any website to run arbitrary native code while the PlingStore app is open in the background.

It all starts with a user that visits a malicious website using the browser. The XSS gets triggered inside the Pling app while it’s running in the background, allowing the JavaScript code to establish a connection to the local WebSocket server that’s used to listen to messages from the app, and also to send messages in order to execute arbitrary native code by downloading and executing an.

Unfortunately, this is not the only situation in which an unpatched vulnerability in Linux Pling can become dangerous, as a similar XSS flaw was uncovered in the GNOME Shell Extensions marketplace.

demonstrate the additional risk associated with such marketplaces. In this environment, even relatively small vulnerabilities (e.g. a missing origin check) can lead to severe consequences (drive-by RCE from any browser with the vulnerable application running in the background). Developers of such applications must put in a high level of scrutiny to ensure their security.
PlingStore is an Installer and Content Management App for OCS-compatible websites like, ,, that allows users to download, install and apply desktop themes, icon themes, wallpapers, or mouse cursors directly under various desktop environments using the “Install”-button. Some of the Pling-based app stores impacted by the flaw are, ,, , and. The native PlingStore application is affected by an RCE vulnerability, which can be triggered from any website while the app is running. Linux marketplaces that are based on the Pling platform are vulnerable to a wormable with the potential for a supply-chain attack.

Download Pling for your Android tablet and Android smartphone. You can also log in and read directly on your computer.

If you really want that theme, I'd suggest you to either install Kubuntu or Kubuntu's desktop environment which is basically based on KDE.

The newly discovered unpatched vulnerability in Linux Pling is affecting Pling-based free and open-source software (FOSS) marketplaces for the Linux platform and has the potential to be abused in order to stage supply-chain attacks and achieve remote code execution (RCE).

You can now download the Pling app for your phone or tablet.

But here you are trying to install a KDE theme. Note: It seems you have Ubuntu installed which uses GNOME. Then open terminal and grant execute permissions using chmod +x pling-store-5.0.2-1-x86_64.AppImage

And then double click on the app to launch the store. Now when you click xdg-open, a window will appear asking for confirmation.

But if you prefer Pling, you can download the AppImage from here. You can install OCS URL by downloading deb file from here and then open terminal and run: sudo dpkg -i ocs-url_3.1.0-0ubuntu1_b But it seems that you have none installed.

Stremio is part of Apps, Games and Add-ons, which is supported by. It is expecting xdg-open to open either of them. Works with pling-store or ocs-url product-maker.
*Needs pling-store or ocs-url to install things Under everything in KDE store, a note is written The KDE Store install things Pling Store or OCS URL. Xdg-open is a tool which opens file in the user's preferred application.