CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2004-0721
https://notcve.org/view.php?id=CVE-2004-0721
23 Jul 2004 — Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Konqueror 3.1.3, 3.2.2, y posiblemente otras versiones no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantación de sitios web y otros ataques. Vulnerabilidad tam... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 •
CVSS: 6.5EPSS: 5%CPEs: 12EXPL: 2CVE-2004-0527 – KDE Konqueror 3.x - Embedded Image URI Obfuscation
https://notcve.org/view.php?id=CVE-2004-0527
08 Jun 2004 — KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. KDE Konqueror 2.1.1 y 2.2.2 permiten a atacantes remotos suplantar URL legítimas en la barra de estado mediante etiquetas A HREF con valores "alt" modificados que apuntan al sitio legítimo, combinado con un mapa de imagen cuyo HR... • https://www.exploit-db.com/exploits/24136 •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 0CVE-2004-0411
https://notcve.org/view.php?id=CVE-2004-0411
20 May 2004 — The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code. Los manejadores de URI en Konqueror de KDE 3.2.2 y anteriores no filtran adecuadamente caractéres "-" en el inicio de un nombre de máquina en URIs (1) telnet, (2) rlogin, (3) ssh,... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 1CVE-2003-0592
https://notcve.org/view.php?id=CVE-2003-0592
16 Mar 2004 — Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Konqueror en KDE 3.1.3 y anteriores (kdelibs) permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicació... • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 3CVE-2003-1478 – KDE Konqueror 3.0.3 - Malformed HTML Page Denial of Service
https://notcve.org/view.php?id=CVE-2003-1478
31 Dec 2003 — Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm. • https://www.exploit-db.com/exploits/22560 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 33EXPL: 0CVE-2003-0459
https://notcve.org/view.php?id=CVE-2003-0459
01 Aug 2003 — KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. KDE Konqueror de KDE 3.1.2 y anteriores no elimina los credenciales de autenticación de URLs de la forma "usuario:contraseña@máquina" en la cabecera HTTP-Referer, lo que podría permitir a sitios web remotos robar las credenciales de páginas que enlazan a esos siti... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 •
CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 0CVE-2002-1151
https://notcve.org/view.php?id=CVE-2002-1151
11 Oct 2002 — The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains. La protección de ejecución de secuencias de comandos (scripts) en sitios cruzados en Konqueror 2.2.2 y 3.0 a 3.0.3 no inicializa adecuandamente los dominios en sub-marcos y sub-iframes (marcos incrustados), lo que puede permitir que atacantes r... • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 1CVE-2002-0970
https://notcve.org/view.php?id=CVE-2002-0970
24 Sep 2002 — The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. La capacidad SSL en Konqueror 3.0.2 y anteriores no verifica las restriccíones básicas de una certificad intermedio firmado por una AC (Autoridad Certificadora), lo que permite a atacantes remotos falsear los certificados de sitios de confianza mediante un ataque de h... • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt •