CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 2CVE-2007-3143
https://notcve.org/view.php?id=CVE-2007-3143
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. Vulnerabilidad de truncamiento visual en Konqueror 3.5.5 permite a atacantes remotos envenenar la barra de dirección y posiblemente realizar ataques de phishing a través de un nombre de host largo, el cual está truncado después de un cierto número de caracteres, como se demostró por un ataque de phishing utilizando HTTP Basic Authentication. • http://osvdb.org/43465 http://testing.bitsploit.de/test.html http://www.0x000000.com/?i=334 http://www.securityfocus.com/bid/24352 https://exchange.xforce.ibmcloud.com/vulnerabilities/34983 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-2164
https://notcve.org/view.php?id=CVE-2007-2164
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. Konqueror 3.5.5 en el lanzamiento 45.4 permite a atacantes remotos provocar denegación de servicio (caida o aborto de aplicación) a través de JavaScript que valida una expresión regular contra una cadena larga, como se demostró utilizando /(.)*/. • http://securityreason.com/securityalert/2600 http://www.securityfocus.com/archive/1/466017/100/0/threaded http://www.securityfocus.com/archive/1/466147/100/0/threaded •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 1CVE-2007-1564 – KDE Konqueror 3.x/IOSlave - FTP PASV Port-Scanning
https://notcve.org/view.php?id=CVE-2007-1564
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. La implementación del protocolo FTP en Konqueror versión 3.5.5, permite a los servidores remotos forzar al cliente a conectarse a otros servidores, al realizar un escaneo de puertos proxy u obtener información confidencial mediante la especificación de una dirección de servidor alternativa en una respuesta PASV FTP. • https://www.exploit-db.com/exploits/29770 http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf http://secunia.com/advisories/24889 http://secunia.com/advisories/27108 http://securitytracker.com/id?1017801 http://www.kde.org/info/security/advisory-20070326-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2007:072 http://www.novell.com/linux/security/advisories/2007_6_sr.html http://www.redhat.com/support/errata/RHSA-2007-0909.html http://www.secur • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1565
https://notcve.org/view.php?id=CVE-2007-1565
Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI. Konqueror 3.5.5 permite a atacantes remotos provocar una denegación de servicio (caída) usando JavaScript para leer un iframe hijo teniendo una ftp:// URI. • http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf •
CVSS: 2.6EPSS: 3%CPEs: 2EXPL: 2CVE-2006-7139 – KMail 1.x - HTML Element Handling Denial of Service
https://notcve.org/view.php?id=CVE-2006-7139
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations. Kmail 1.9.1 en el KDE 3.5.2, con el "Preferencia de HTML frente al Texto Plano" habilitado, permite a atacantes remotos provocar una denegación de servicio (caída) mediante un e-mail HTML con ciertas tables y etiquetas frameset lo que disparan un fallo de segmentación, posiblemente involucrando operaciones no válidas de borrado o libres. • https://www.exploit-db.com/exploits/28816 http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0293.html http://secunia.com/advisories/24889 http://securityreason.com/securityalert/2347 http://www.novell.com/linux/security/advisories/2007_6_sr.html http://www.securityfocus.com/archive/1/448766/100/0/threaded http://www.securityfocus.com/archive/1/448768/100/0/threaded http://www.securityfocus.com/bid/20539 https://exchange.xforce.ibmcloud.com/vulnerabilities/29557 • CWE-20: Improper Input Validation •