U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:kde:kde_sc:4.3.0:beta3
There are 3 matching records.
Displaying matches 1 through 3.
Vuln ID Summary CVSS Severity
CVE-2011-1586

Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.

Published: April 26, 2011; 8:55:04 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2010-1511

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

Published: May 17, 2010; 5:00:01 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2010-1000

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

Published: May 17, 2010; 5:00:01 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM