Page 2 of 8 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. kio/kio/tcpslavebase.cpp de KDE KSSL de kdelibs en versiones anteriores a la 4.6.1 no verifica apropiadamente que el nombre del servidor sea el mismo que el nombre de domino del subjeto de un certificado X.509, lo que permite a atacantes man-in-the-middle suplantar servidores SSL de su elección a través de un certificado suministrado por una autoridad de certificación legítima para una dirección IP. Una vulnerabilidad distinta a la CVE-2009-2702. • http://openwall.com/lists/oss-security/2011/03/08/13 http://openwall.com/lists/oss-security/2011/03/08/20 http://secunia.com/advisories/44108 http://www.mandriva.com/security/advisories?name=MDVSA-2011:071 http://www.securityfocus.com/bid/46789 http://www.ubuntu.com/usn/USN-1110-1 http://www.vupen.com/english/advisories/2011/0913 http://www.vupen.com/english/advisories/2011/0990 https://exchange.xforce.ibmcloud.com/vulnerabilities/65986 https://projects.kde.org/ • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 81%CPEs: 10EXPL: 1

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. • https://www.exploit-db.com/exploits/24801 http://marc.info/?l=bugtraq&m=110245752232681&w=2 http://www.debian.org/security/2005/dsa-631 http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:045 http://www.redhat.com/support/errata/RHSA-2005-009.html http://www.redhat.com/support/errata/RHSA-2005-065.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18384 https://oval.cisecurity.org/repository/search&# •

CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. KDE Konqueror de KDE 3.1.2 y anteriores no elimina los credenciales de autenticación de URLs de la forma "usuario:contraseña@máquina" en la cabecera HTTP-Referer, lo que podría permitir a sitios web remotos robar las credenciales de páginas que enlazan a esos sitios. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html http://marc.info/?l=bugtraq&m=105986238428061&w=2 http://www.debian.org/security/2003/dsa-361 http://www.kde.org/info/security/advisory-20030729-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2003:079 http://www.redhat.com/support/errata/RHSA-2003-235.html http://www.redhat.com/support/errata/RHSA-2003-236.html http:& •