Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:kde:kde_sc:4.0.0:alpha1:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-1586 |
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000. Published: April 26, 2011; 8:55:04 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2010-1511 |
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. Published: May 17, 2010; 5:00:01 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2010-1000 |
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. Published: May 17, 2010; 5:00:01 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |