Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2004-1165

Published: 10/01/2005 Updated: 11/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Kdelibs

Vulnerability Summary

Konqueror 3.3.1 allows remote malicious users to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

Vulnerable Product Search on Vulmon Subscribe to Product

kde kdelibs 3.1.4

kde kdelibs 3.1.5

kde kdelibs 3.2

kde kdelibs 3.2.1

kde kdelibs 3.1

kde kdelibs 3.2.2

kde konqueror 3.3.1

kde kdelibs 3.1.1

kde kdelibs 3.1.2

kde kdelibs 3.1.3

Vendor Advisories

Red Hat: kdelibs, kdebase security update
Synopsis kdelibs, kdebase security update Type/Severity Security Advisory: Important Topic Updated kdelib and kdebase packages that resolve several security issuesare now available Description The kdelibs packages include libraries for the K Desktop Environment Thekdebase packages include ...
Red Hat: kdelibs security update
Synopsis kdelibs security update Type/Severity Security Advisory: Important Topic Updated kdelibs packages that resolve security issues in Konqueror are nowavailable for Red Hat Enterprise Linux 4This update has been rated as having important security impact by theRed Hat Security Response Team D ...
Debian Security Advisories: DSA-631-1 kdelibs -- unsanitised input
Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline before the FTP command For the stable distribution (woody) this problem has been fixed in version 222-13woody13 For the unstable di ...

Exploits

Exploit DB: KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution
source: wwwsecurityfocuscom/bid/11827/info KDE FTP kioslave-based applications such as Konqueror are reported prone to an arbitrary FTP server command execution vulnerability This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to utilizing it to execute FTP commands on remote servers Thi ...

References

NVD-CWE-Otherhttp://www.debian.org/security/2005/dsa-631http://www.gentoo.org/security/en/glsa/glsa-200501-18.xmlhttp://www.redhat.com/support/errata/RHSA-2005-009.htmlhttp://www.redhat.com/support/errata/RHSA-2005-065.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:045http://marc.info/?l=bugtraq&m=110245752232681&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/18384https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645https://access.redhat.com/errata/RHSA-2005:009https://nvd.nist.govhttps://www.exploit-db.com/exploits/24801/https://www.debian.org/security/./dsa-631
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook