Page 4 of 90 results (0.015 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. La función HTMLQuoteColorer::process en messageviewer/htmlquotecolorer.cpp en KDE PIM v4.6 hasta v4.8 no desabilita JavaScript, Java, ni los complementos, lo que permite a atacantes remotos inyectar secuencias de comandos o HTML a través de un correo manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083946.html http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084262.html http://secunia.com/advisories/50008 http://ubuntu.com/usn/usn-1512-1 http://www.openwall.com/lists/oss-security/2012/07/13/3 http://www.openwall.com/lists/oss-security/2012/07/13/4 http://www.openwall.com/lists/oss-security/2012/07/16/3 http://www.openwall.com/lists/oss-security/2012/07/17/11 https:/&# • CWE-16: Configuration •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. La API KDE SSL Wrapper (KSSL) en KDE SC v4.6.0 hasta 4.7.1 y posiblemente versiones anteriores, no utiilizan una fuente concreta cuando renderizan los campos de certificado en un diálogo de seguridad, lo que permite a atacantes remotos falsificar el nombre común (CN) de un certificado a través de un texto enriquecido. • http://www.kde.org/info/security/advisory-20111003-1.txt http://www.mandriva.com/security/advisories?name=MDVSA-2011:162 http://www.redhat.com/support/errata/RHSA-2011-1364.html http://www.redhat.com/support/errata/RHSA-2011-1385.html https://bugzilla.redhat.com/show_bug.cgi?id=743054 https://access.redhat.com/security/cve/CVE-2011-3365 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 1%CPEs: 11EXPL: 2

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file. Vulnerabilidad de salto de directorio en Ark 4.7.x y anteriores permite a atacantes remotos eliminar y forzar la visualización de archivos arbitrarios a través de secuencias .. (punto punto) en un archivo zip. Ark version 2.16 suffers from a directory traversal vulnerability when handling a malformed ZIP file. • http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html http://seclists.org/fulldisclosure/2011/Oct/351 http://www.ubuntu.com/usn/USN-1276-1 https://bugzilla.novell.com/show_bug.cgi?id=708268 https://bugzilla.redhat.com/show_bug.cgi?id=725764 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 70EXPL: 0

Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000. Vulnerabilidad de salto de directorio en la función KGetMetalink::File::isValidNameAttr en ui/metalinkcreator/metalinker.cpp en KGet en KDE SC v4.6.2 y anteriores, permite a atacantes remotos crear ficheros de su elección a través de un .. (punto punto) en el atributo de nombre de un elemento de archivo en un archivo de Metalink. • http://openwall.com/lists/oss-security/2011/04/15/9 http://secunia.com/advisories/44124 http://secunia.com/advisories/44329 http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468&r2=1227467&pathrev=1227468 http://websvn.kde.org/branches/KDE/4.5/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227469&r2=1227468&pathrev=1227469 http://websvn.kde.org/branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227471&r2=1227470&pathr • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 3

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función KHTMLPart::htmlError en khtml/khtml_part.cpp en Konqueror en KDE SC v4.4.0 hasta v4.6.1, permite a usuarios remotos inyectar script o HTML de su elección a través de URI en una URL correspondiente a una sitio web no disponible. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://secunia.com/advisories/44065 http://secunia.com/advisories/44108 http://securityreason.com/securityalert/8208 http://securitytracker.com/id?1025322 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727 http://www.kde.org/info/security/advisory-20110411-1.txt http://www.mandriva.com/security/advisories?name=MDVSA-2011:075 http://www.nth-dimension.org.uk/pub/NDSA20110321 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •