CVSS: 6.8 | EPSS: 2% | CPEs: 1 | EXPL: 1

The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

• https://www.exploit-db.com/exploits/29770
• http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
• http://secunia.com/advisories/24889
• http://secunia.com/advisories/27108
• http://securitytracker.com/id?1017801
• http://www.kde.org/info/security/advisory-20070326-1.txt
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:072
• http://www.novell.com/linux/security/advisories/2007_6_sr.html
• http://www.redhat.com/support/errata/RHSA-2007-0909.html
• http://www.secur

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.

• http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf

CVSS: 4.3 | EPSS: 95% | CPEs: 1 | EXPL: 4

ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.

• https://www.exploit-db.com/exploits/29713
• http://bindshell.net/advisories/konq355
• http://bindshell.net/advisories/konq355/konq355-patch.diff
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052793.html
• http://secunia.com/advisories/27108
• http://securityreason.com/securityalert/2345
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:054
• http://www.redhat.com/support/errata/RHSA-2007-0909.html
• http://www.securityfocus.com/archive/1/461897/100/0/threaded
• http:/&#x

CWE-399: Resource Management Errors

CVSS: 2.6 | EPSS: 6% | CPEs: 1 | EXPL: 0

The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.

• http://osvdb.org/32975
• http://secunia.com/advisories/23932
• http://secunia.com/advisories/24013
• http://secunia.com/advisories/24065
• http://secunia.com/advisories/24442
• http://secunia.com/advisories/24463
• http://secunia.com/advisories/24889
• http://secunia.com/advisories/27108
• http://securitytracker.com/id?1017591
• http://www.gentoo.org/security/en/glsa/glsa-200703-10.xml
• http://www.kde.org/info/security/advisory-20070206-1.txt
• http://www.mandriva.com/security/advisories?

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')