CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2007-6000 – KDE Konqueror 3.5.6 - Cookie Handling Denial of Service
https://notcve.org/view.php?id=CVE-2007-6000
15 Nov 2007 — KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. KDE Konqueror 3.5.6 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) mediante parámetros de cookie HTTP grandes. • https://www.exploit-db.com/exploits/30763 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2007-4229 – KDE Konqueror 3.5.7 - Assert Denial of Service
https://notcve.org/view.php?id=CVE-2007-4229
08 Aug 2007 — Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad sin especificar en el KDE Konqueror 3.5.7 y versiones anteriores permite a atacantes remotos provocar un... • https://www.exploit-db.com/exploits/30444 •
CVSS: 7.5EPSS: 5%CPEs: 24EXPL: 4CVE-2006-3672 – KDE Konqueror 3.5.x - ReplaceChild Denial of Service
https://notcve.org/view.php?id=CVE-2006-3672
18 Jul 2006 — KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. KDE Konqueror 3.5.1 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de aplicación) a través de la llamada al método replaceChild sobre un objeto DOM, el cual dispara una referencia NULL, somo se demostró con la ll... • https://www.exploit-db.com/exploits/28220 •
CVSS: 6.4EPSS: 0%CPEs: 23EXPL: 0CVE-2005-4684
https://notcve.org/view.php?id=CVE-2005-4684
31 Dec 2005 — Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2005-0237
https://notcve.org/view.php?id=CVE-2005-0237
07 Feb 2005 — The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html •
CVSS: 7.5EPSS: 3%CPEs: 28EXPL: 2CVE-2004-1158
https://notcve.org/view.php?id=CVE-2004-1158
10 Dec 2004 — Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://marc.info/?l=bugtraq&m=110296048613575&w=2 •
CVSS: 9.8EPSS: 11%CPEs: 10EXPL: 1CVE-2004-1165 – KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution
https://notcve.org/view.php?id=CVE-2004-1165
10 Dec 2004 — Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. • https://www.exploit-db.com/exploits/24801 •
CVSS: 8.1EPSS: 4%CPEs: 27EXPL: 0CVE-2004-0867
https://notcve.org/view.php?id=CVE-2004-0867
24 Sep 2004 — Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. Mozilla Firefox 0.9.2 pemite a sitios web establecer cookies para dominios de nivel superior específicos de países, como .ltd.uk, .plc.uk, y .sch.uk, lo que podría permitir a atacantes remotos realizar ataques de fijac... • http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 3%CPEs: 27EXPL: 0CVE-2004-0866
https://notcve.org/view.php?id=CVE-2004-0866
16 Sep 2004 — Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109536612321898&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2004-0870
https://notcve.org/view.php?id=CVE-2004-0870
16 Sep 2004 — KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." • http://securityfocus.com/archive/1/375407 •