CVE-2005-0754
Published 2005-04-22
CVE-2005-0754: Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
Priority P433, high, 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.98% (85.6th percentile)
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| conectiva | linux | — | — |
| conectiva | linux | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | quanta | — | — |
| redhat | fedora_core | — | — |
| ubuntu | ubuntu_linux | — | — |
| ubuntu | ubuntu_linux | — | — |
GHSA
GHSA-hwmm-gww6-748j: Kommander in KDE 3
ghsa_unreviewed·2022-05-03
CVE-2005-0754 [HIGH] GHSA-hwmm-gww6-748j: Kommander in KDE 3
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
Ubuntu
Kommander vulnerability
vendor_ubuntu·2005-05-04
Eckhart Wörner discovered that Kommander opens files from remote and
possibly untrusted locations without user confirmation. Since
Kommander files can contain scripts, this would allow an attacker to
execute arbitrary code with the privileges of the user opening the
file.
The updated Kommander no longer automatically opens files from remote
locations or files whose names do not end with ".kmdr".
Instructions: In general, a standard system update will make all the necessary changes.
ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff
http://marc.info/?l=bugtraq&m=111419664411051&w=2
http://secunia.com/advisories/15060
http://www.kde.org/info/security/advisory-20050420-1.txt
http://www.securityfocus.com/bid/13313