CVE-2013-2074
https://notcve.org/view.php?id=CVE-2013-2074
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
References:
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776
• http://ubuntu.com/usn/usn-1842-1
• http://www.openwall.com/lists/oss-security/2013/05/10/4
• http://www.openwall.com/lists/oss-security/2013/05/11/2
• http://www.osvdb.org/93244
• http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure
• https://bugs.kde.org/show_bug.cgi?id=319428
• https://bugzilla.redhat.com/show_bug.cgi?id=961981
• https://projects.kde.org/projects/kde/kdelibs/r
Weakness: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-2702
https://notcve.org/view.php?id=CVE-2009-2702
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References:
• http://secunia.com/advisories/36468
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:162
• http://www.vupen.com/english/advisories/2009/2532
• https://bugzilla.redhat.com/show_bug.cgi?id=520661
Weakness: CWE-310: Cryptographic Issues
CVE-2004-1165 – KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution
https://notcve.org/view.php?id=CVE-2004-1165
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
References:
• https://www.exploit-db.com/exploits/24801
• http://marc.info/?l=bugtraq&m=110245752232681&w=2
• http://www.debian.org/security/2005/dsa-631
• http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
• http://www.redhat.com/support/errata/RHSA-2005-009.html
• http://www.redhat.com/support/errata/RHSA-2005-065.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18384
• https://oval.cisecurity.org/repository/search
CVE-2003-0459
https://notcve.org/view.php?id=CVE-2003-0459
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
References:
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
• http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
• http://marc.info/?l=bugtraq&m=105986238428061&w=2
• http://www.debian.org/security/2003/dsa-361
• http://www.kde.org/info/security/advisory-20030729-1.txt
• http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
• http://www.redhat.com/support/errata/RHSA-2003-235.html
• http://www.redhat.com/support/errata/RHSA-2003-236.html
• http:&