VYPR

Kget

by KDE

CVEs (3)

  • CVE-2011-1586Apr 27, 2011
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a…

  • CVE-2010-1511May 17, 2010
    risk 0.00cvss epss 0.03

    KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

  • CVE-2010-1000May 17, 2010
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.