Page 2 of 7 results (0.003 seconds)

CVSS: 6.4EPSS: 0%CPEs: 56EXPL: 0

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. KGet v2.4.2 en KDE SC v4.0.0 hasta v4.4.3 no solicita de forma adecuada la confirmación de descarga por parte del usuario, lo que facilita a atacantes remotos sobrescribir ficheros de su elección a través un fichero metalik manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html http://marc.info/?l=oss-security&m=127378789518426&w=2 http://osvdb.org/64689 http://secunia.com/advisories/39528 http://secunia.com/advisories/39787 http://secunia.com/secunia_research/2010-70 http://securitytracker.com/id?1023984 http://www.kde.org/info/security/advisory-20100513-1.txt http://www.securityfocus.com/archive/1/511279/100/0/threaded http://www.securityfocus.com/archive/1/511294 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 53EXPL: 0

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. Vulnerabilidad de salto de directorio en KGet v2.4.2 en KDE SC v4.0.0 hasta v4.4.3, permite a atacantes remotos crear ficheros de su elección al utilizar caracteres .. (punto punto) en el atributo nombre de un elemento fichero en un fichero metalink. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://marc.info/?l=oss-security&m=127378789518426&w=2 http://osvdb.org/64690 http://secunia.com/advisories/39528 http://secunia.com/advisories/39787 http://secunia.com/advisories/42423 http://secunia.com/secunia_research/2010-69 http://securitytracker • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •