the original cloud security
Showing 1 - 4 of 4 RSS Feed

CVE-2010-1000

Status Candidate

Overview

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

Related Files

Gentoo Linux Security Advisory 201412-08
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-8 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.

tags | advisory, remote, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2006-3005, CVE-2007-2741, CVE-2008-0553, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2008-6661, CVE-2009-0040, CVE-2009-0360, CVE-2009-0361, CVE-2009-0946, CVE-2009-2042, CVE-2009-2624, CVE-2009-3736, CVE-2009-4029, CVE-2009-4411, CVE-2009-4896, CVE-2010-0001, CVE-2010-0436, CVE-2010-0732, CVE-2010-0829, CVE-2010-1000, CVE-2010-1205, CVE-2010-1511, CVE-2010-2056, CVE-2010-2060, CVE-2010-2192, CVE-2010-2251
MD5 | 4988293251dc9709a0f0caf5c1076c9b
Mandriva Linux Security Advisory 2010-098
Posted May 19, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-098 - The name attribute of the file element of metalink files is not properly sanitized before being used to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. Packages for 2009.0 are provided due to the Extended Maintenance Program. The corrected packages solves these problems.

tags | advisory
systems | linux, mandriva
advisories | CVE-2010-1000
MD5 | 9e2e1a1abc9b95db7f17a845f1244f45
KDE KGet metalink "name" Directory Traversal Vulnerability
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in KDE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to KGet not properly sanitising the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. KDE version 4.4.2 is affected.

tags | advisory
advisories | CVE-2010-1000
MD5 | 3305045279517e7f1a37b710180a597d
Ubuntu Security Notice 938-1
Posted May 14, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 938-1 - It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution.

tags | advisory, remote, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2010-1000
MD5 | e70c369ed4d3d65b4960700f01336f33
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close