NotCVE - vendor:"Kde" product:"Konqueror" version:"3.0.5b"

Page 2 of 13 results (0.001 seconds)

CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 0

CVE-2004-0411

https://notcve.org/view.php?id=CVE-2004-0411

20 May 2004 — The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code. Los manejadores de URI en Konqueror de KDE 3.2.2 y anteriores no filtran adecuadamente caractéres "-" en el inicio de un nombre de máquina en URIs (1) telnet, (2) rlogin, (3) ssh,... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 1

CVE-2003-0592

https://notcve.org/view.php?id=CVE-2003-0592

16 Mar 2004 — Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Konqueror en KDE 3.1.3 y anteriores (kdelibs) permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicació... • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html •

CVSS: 9.8EPSS: 1%CPEs: 33EXPL: 0

CVE-2003-0459

https://notcve.org/view.php?id=CVE-2003-0459

01 Aug 2003 — KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. KDE Konqueror de KDE 3.1.2 y anteriores no elimina los credenciales de autenticación de URLs de la forma "usuario:contraseña@máquina" en la cabecera HTTP-Referer, lo que podría permitir a sitios web remotos robar las credenciales de páginas que enlazan a esos siti... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 •

1 2