Directory Traversal Vulnerability in KGet from KDE
CVE-2010-1000
Currently unrated
What is CVE-2010-1000?
KGet, the download manager from KDE, is vulnerable to directory traversal through crafted metalink files. By manipulating the 'name' attribute of file elements within such a file, a remote attacker can create arbitrary files on the user's file system. The flaw affects KGet versions 4.0.0 through 4.4.3 and poses a significant risk to their users, highlighting the need for stringent file handling and validation in software to prevent such security breaches.
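One way a metalink consumer can validate the 'name' attribute before writing anything to disk, as an added Python example (this is not KGet's code or its actual fix). The sample metalink, the download directory and the function names are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample metalink (not taken from the advisory).
SAMPLE_METALINK = r"""<metalink version="3.0" xmlns="http://www.metalinker.org/">
  <files>
    <file name="release/notes.txt"/>
    <file name="docs/../index.html"/>
    <file name="../../outside.txt"/>
    <file name="/tmp/absolute.bin"/>
    <file name="docs/../../escape.txt"/>
    <file name="..\..\win.txt"/>
  </files>
</metalink>"""


def resolve_inside(download_dir, name):
    """Return the absolute target for `name`, or None if it is not strictly inside download_dir."""
    if not name or "\x00" in name:
        return None
    # Treat backslashes as separators so Windows-style names are judged the same way.
    candidate = name.replace("\\", "/")
    if os.path.isabs(candidate):
        return None
    base = os.path.realpath(download_dir)
    # realpath collapses ".." and follows symlinks before the containment check.
    target = os.path.realpath(os.path.join(base, candidate))
    if target == base or os.path.commonpath([base, target]) != base:
        return None
    return target


def check_metalink(xml_text, download_dir):
    """Return (accepted, rejected): accepted maps name -> resolved path, rejected lists names."""
    accepted, rejected = {}, []
    for elem in ET.fromstring(xml_text).iter():
        # Match <file> whatever the namespace, so different metalink versions are covered.
        if elem.tag.rsplit("}", 1)[-1] != "file":
            continue
        name = elem.get("name", "")
        target = resolve_inside(download_dir, name)
        if target is None:
            rejected.append(name)
        else:
            accepted[name] = target
    return accepted, rejected
```

The check is made on the resolved path rather than by searching the string for `..`, so a name such as `docs/../index.html` that stays inside the download directory is accepted while `docs/../../escape.txt` is refused.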
