identified a vulnerability
in the Opera Web Browser
that could allow remote attackers to create or truncate
arbitrary files. The KDE team has found that similar
vulnerabilities exists in KDE.
The telnet, rlogin, ssh and mailto URI handlers in KDE do not
check for '-' at the beginning of the hostname passed, which
makes it possible to pass an option to the programs started
by the handlers.