Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
KDE SC 路径遍历漏洞
Vulnerability Description
KDE SC是KDE社区的一个KDE的桌面环境。2010年2月4.4版发布之前的版本,Software Compilation称为K Desktop Environment。 KDE SC 4.6.2以及之前版本存在路径遍历漏洞,该漏洞源于没有正确过滤name属性,可欺骗用户从特制的metalink文件下载内容。远程攻击者可以借助目录遍历攻击,下载文件到预设下载目录的外部。
CVSS Information
N/A
Vulnerability Type
N/A