CVE-2004-1165 | Vulnerability Database | Aqua Security

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (%0a) before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

Affected Software

Name	Vendor	Start Version	End Version
Kdelibs	Kde	3.1 (including)	3.1 (including)
Kdelibs	Kde	3.1.1 (including)	3.1.1 (including)
Kdelibs	Kde	3.1.2 (including)	3.1.2 (including)
Kdelibs	Kde	3.1.3 (including)	3.1.3 (including)
Kdelibs	Kde	3.1.4 (including)	3.1.4 (including)
Kdelibs	Kde	3.1.5 (including)	3.1.5 (including)
Kdelibs	Kde	3.2 (including)	3.2 (including)
Kdelibs	Kde	3.2.1 (including)	3.2.1 (including)
Kdelibs	Kde	3.2.2 (including)	3.2.2 (including)
Konqueror	Kde	3.3.1 (including)	3.3.1 (including)

References

http://marc.info/?l=bugtraq\u0026m=110245752232681\u0026w=2
http://www.debian.org/security/2005/dsa-631
http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
http://www.redhat.com/support/errata/RHSA-2005-009.html
http://www.redhat.com/support/errata/RHSA-2005-065.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18384
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1165
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html