CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2009-4976
https://notcve.org/view.php?id=CVE-2009-4976
02 Aug 2010 — Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en webkitpart.cpp en kwebkitpart permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante una URL asociada con un nombre de dominio no exist... • http://websvn.kde.org/?view=rev&revision=1059140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 2CVE-2009-2537
https://notcve.org/view.php?id=CVE-2009-2537
20 Jul 2009 — KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. KDE Konqueror permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de de un valor entero largo en la propiedad lenght en un objeto Select, relativo a CVE-2009-1692. • http://secunia.com/advisories/36057 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2008-5712 – Konqueror 3.5.9 - 'color'/'bgcolor' Multiple Remote Crash Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-5712
24 Dec 2008 — The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514. El analizador HTML en KDE Konqueror 3.5.9 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante (1) un atributo COLOR largo en un elemento HR; o unos atri... • https://www.exploit-db.com/exploits/6704 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 8%CPEs: 3EXPL: 1CVE-2008-5698 – Konqueror 3.5.9 - 'load' Remote Crash
https://notcve.org/view.php?id=CVE-2008-5698
22 Dec 2008 — HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information. HTMLTokenizer::scriptHandler en Konqueror de KDE v3.5.9 y v3.5.10, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una llamada no válida a document.load, esto lanza que se use ... • https://www.exploit-db.com/exploits/6718 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4382
https://notcve.org/view.php?id=CVE-2008-4382
02 Oct 2008 — Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. Konqueror de KDE v3.5.9 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un Javascript que llama a la función alert con una cadena codificada en formato URL de un número largo de caracteres inválidos. • http://www.securityfocus.com/archive/1/496849/100/0/threaded • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-6591
https://notcve.org/view.php?id=CVE-2007-6591
28 Dec 2007 — KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. KDE Konqueror 3.5.5 y 3.95.00, cuando un usuario acepta un certificado de servidor SSL basándose en el n... • http://nils.toedtmann.net/pub/subjectAltName.txt •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2007-6000 – KDE Konqueror 3.5.6 - Cookie Handling Denial of Service
https://notcve.org/view.php?id=CVE-2007-6000
15 Nov 2007 — KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. KDE Konqueror 3.5.6 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) mediante parámetros de cookie HTTP grandes. • https://www.exploit-db.com/exploits/30763 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2007-4229 – KDE Konqueror 3.5.7 - Assert Denial of Service
https://notcve.org/view.php?id=CVE-2007-4229
08 Aug 2007 — Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad sin especificar en el KDE Konqueror 3.5.7 y versiones anteriores permite a atacantes remotos provocar un... • https://www.exploit-db.com/exploits/30444 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4224 – URL spoof in address bar
https://notcve.org/view.php?id=CVE-2007-4224
08 Aug 2007 — KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. KDE Konqueror 3.5.7 permite a atacantes remotos suplantar la barra de direcciones URL llamando al setInterval con un intervalo pequeño y cambiando la propiedad window.location. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4225
https://notcve.org/view.php?id=CVE-2007-4225
08 Aug 2007 — Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. Vulnerabilidad de truncado visual en KDE Konqueror 3.5.7 permite a atacantes remotos falsificar la barra de direcciones URL mediante un URI http con una gran cantidad de espacios en blanco en la parte user/password. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html •