
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Jul 2007 — konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. • http://alt.swiecki.net/oper1.html

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

11 Jun 2007 — Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. • http://osvdb.org/43465

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

22 Apr 2007 — Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. • http://securityreason.com/securityalert/2600

CVSS: 7.5 | EPSS: 10% | CPEs: 1 | EXPL: 1

21 Mar 2007 — The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. • https://www.exploit-db.com/exploits/29770 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Mar 2007 — Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI. • http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf

CVSS: 7.5 | EPSS: 13% | CPEs: 1 | EXPL: 4

07 Mar 2007 — ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference. • https://www.exploit-db.com/exploits/29713 • CWE-399: Resource Management Errors

CVSS: 6.1 | EPSS: 1% | CPEs: 1 | EXPL: 0

29 Jan 2007 — The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. • http://osvdb.org/32975 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 5% | CPEs: 24 | EXPL: 4

18 Jul 2006 — KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. • https://www.exploit-db.com/exploits/28220

CVSS: 6.4 | EPSS: 0% | CPEs: 23 | EXPL: 0

31 Dec 2005 — Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html

CVSS: 7.5 | EPSS: 1% | CPEs: 2 | EXPL: 2

07 Feb 2005 — The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html