CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-6591
https://notcve.org/view.php?id=CVE-2007-6591
28 Dec 2007 — KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. KDE Konqueror 3.5.5 y 3.95.00, cuando un usuario acepta un certificado de servidor SSL basándose en el n... • http://nils.toedtmann.net/pub/subjectAltName.txt •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2007-6000 – KDE Konqueror 3.5.6 - Cookie Handling Denial of Service
https://notcve.org/view.php?id=CVE-2007-6000
15 Nov 2007 — KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. KDE Konqueror 3.5.6 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) mediante parámetros de cookie HTTP grandes. • https://www.exploit-db.com/exploits/30763 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2007-4229 – KDE Konqueror 3.5.7 - Assert Denial of Service
https://notcve.org/view.php?id=CVE-2007-4229
08 Aug 2007 — Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad sin especificar en el KDE Konqueror 3.5.7 y versiones anteriores permite a atacantes remotos provocar un... • https://www.exploit-db.com/exploits/30444 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4224 – URL spoof in address bar
https://notcve.org/view.php?id=CVE-2007-4224
08 Aug 2007 — KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. KDE Konqueror 3.5.7 permite a atacantes remotos suplantar la barra de direcciones URL llamando al setInterval con un intervalo pequeño y cambiando la propiedad window.location. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4225
https://notcve.org/view.php?id=CVE-2007-4225
08 Aug 2007 — Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. Vulnerabilidad de truncado visual en KDE Konqueror 3.5.7 permite a atacantes remotos falsificar la barra de direcciones URL mediante un URI http con una gran cantidad de espacios en blanco en la parte user/password. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3820 – Spoofing of URI possible in Konqueror's address bar
https://notcve.org/view.php?id=CVE-2007-3820
17 Jul 2007 — konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. konqueror/konq_combo.cc en Konqueror 3.5.7 permite a atacantes remotos suplantar datos: el esquema URI en la barra de direcciones a través de una URI larga con espacios en blanco que se arrastra, lo cual previene que se muestre el comienzo de la URI. • http://alt.swiecki.net/oper1.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2007-3143
https://notcve.org/view.php?id=CVE-2007-3143
11 Jun 2007 — Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. Vulnerabilidad de truncamiento visual en Konqueror 3.5.5 permite a atacantes remotos envenenar la barra de dirección y posiblemente realizar ataques de phishing a través de un nombre de host largo, el cual está truncado despué... • http://osvdb.org/43465 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2164
https://notcve.org/view.php?id=CVE-2007-2164
22 Apr 2007 — Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. Konqueror 3.5.5 en el lanzamiento 45.4 permite a atacantes remotos provocar denegación de servicio (caida o aborto de aplicación) a través de JavaScript que valida una expresión regular contra una cadena larga, como se demostró utilizando /(.)*/. • http://securityreason.com/securityalert/2600 •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1CVE-2007-1564 – KDE Konqueror 3.x/IOSlave - FTP PASV Port-Scanning
https://notcve.org/view.php?id=CVE-2007-1564
21 Mar 2007 — The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. La implementación del protocolo FTP en Konqueror versión 3.5.5, permite a los servidores remotos forzar al cliente a conectarse a otros servidores, al realizar un escaneo de puertos proxy u obtener información confidencial mediante la especificación de una direc... • https://www.exploit-db.com/exploits/29770 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1565
https://notcve.org/view.php?id=CVE-2007-1565
21 Mar 2007 — Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI. Konqueror 3.5.5 permite a atacantes remotos provocar una denegación de servicio (caída) usando JavaScript para leer un iframe hijo teniendo una ftp:// URI. • http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf •