Directory Traversal Vulnerability in KGet from KDE
CVE-2010-1000

Currently unrated

Key Information:

Vendor

Kde

Status
Kde Sc
Vendor
CVE Published:
17 May 2010

What is CVE-2010-1000?

KGet, the download manager from KDE, is susceptible to directory traversal attacks that allow remote attackers to craft malicious metalink files. By manipulating the 'name' attribute of file elements within these files, an attacker can exploit this vulnerability to create arbitrary files on the user's file system. This flaw poses a significant risk to users of KGet versions 4.0.0 through 4.4.3, highlighting the need for stringent file handling and validation in software to prevent such security breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/40141
vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-938-1
vendor-advisoryx_refsource_UBUNTU
http://www.vupen.com/english/advisories/2011/1101
vdb-entryx_refsource_VUPEN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.