Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1165

7 documents6 sources

Severity

7.5HIGH

EPSS

14.1%

top 5.65%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

KDE Kdelibs KDE Konqueror

Timeline

PublishedJan 10

Latest updateApr 29

Description

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDkde/konqueror3.3.1

▶NVDkde/kdelibs9 versions+8

🔴Vulnerability Details

GHSA

GHSA-jg55-cw7x-6vvc: Konqueror 3↗2022-04-29

▶

CVEList

CVE-2004-1165: Konqueror 3↗2004-12-10

▶

💥Exploits & PoCs

Exploit-DB

KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution↗2004-12-06

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-12-05

▶

💬Community

Bugzilla

CVE-2004-1165 security flaw↗2018-08-16

▶