14 matches found
Directory Traversal
kdenetwork is vulnerable to directory traversal. The vulnerability exists as a flaw was found in the way KGet, a download manager, handled the "file" element in Metalink files. An attacker could use this flaw to create a specially-crafted Metalink file that, when opened, would cause KGet to...
openSUSE Security Update : kdenetwork4 (openSUSE-SU-2010:1076-1)
This update of kdenetwork fixes several bugs, the security related issues are : - CVE-2010-1000: CVSS v2 Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N: CWE-22 The 'name' attribute of the 'file' element of metalink files is not properly sanitised this can be exploited to download files to arbitrary...
Oracle Linux 6 : kdenetwork (ELSA-2011-0465)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0465 advisory. 7:4.3.4-11.1 - CVE-2010-1000, improper sanitization of metalink attribute for downloading files Tenable has extracted the preceding description block directly...
Ubuntu 9.10 / 10.04 LTS / 10.10 : kdenetwork vulnerability (USN-1114-1)
It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution. Note that...
Important: Red Hat Security Advisory: kdenetwork security update
Updated kdenetwork packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
USN-1114-1: KDENetwork vulnerability
It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution...
openSUSE Security Update : aria2 (openSUSE-SU-2010:0338-2)
Specially crafted metalink files could trick aria2 into store downloaded files outside of the intended directory CVE-2010-1512. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update aria2-3063. The...
Orbit Downloader metalink 'name' Directory Traversal Vulnerability
This host is installed with Orbit Downloader and is prone to directory traversal vulnerability. OpenVAS Vulnerability Test $Id: gborbitdownloadermetalinkdirtraversalvuln.nasl 5323 2017-02-17 08:49:23Z teissa $ Orbit Downloader metalink 'name' Directory Traversal Vulnerability Authors: Sooraj KS...
Secunia Research: Orbit Downloader metalink "name" Directory Traversal
====================================================================== Secunia Research 19/05/2010 - Orbit Downloader metalink "name" Directory Traversal - ====================================================================== Table of Contents Affected...
Orbit Downloader directory traversal
metalink files directory traversal...
Secunia Research: aria2 metalink "name" Directory Traversal Vulnerability
====================================================================== Secunia Research 13/05/2010 - aria2 metalink "name" Directory Traversal Vulnerability - ====================================================================== Table of Contents Affected...
DSA-2047-1 aria2 - directory traversal
Bulletin has no description...
aria2 directory traversal
Directory traversal via metalink files...
USN-938-1: KDENetwork vulnerabilities
It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution. CVE-2010-100...