1 results (0.001 seconds)

CVSS: 6.4EPSS: 0%CPEs: 56EXPL: 0

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. KGet v2.4.2 en KDE SC v4.0.0 hasta v4.4.3 no solicita de forma adecuada la confirmación de descarga por parte del usuario, lo que facilita a atacantes remotos sobrescribir ficheros de su elección a través un fichero metalik manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html http://marc.info/?l=oss-security&m=127378789518426&w=2 http://osvdb.org/64689 http://secunia.com/advisories/39528 http://secunia.com/advisories/39787 http://secunia.com/secunia_research/2010-70 http://securitytracker.com/id?1023984 http://www.kde.org/info/security/advisory-20100513-1.txt http://www.securityfocus.com/archive/1/511279/100/0/threaded http://www.securityfocus.com/archive/1/511294 • CWE-264: Permissions, Privileges, and Access Controls •