The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16163
http://www.kde.org/info/security/advisory-20040517-1.txt
http://www.debian.org/security/2004/dsa-518