Page 21 of 196 results (0.017 seconds)

CVSS: 4.3EPSS: 95%CPEs: 1EXPL: 4

ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference. ecma/kjs_html.cpp en KDE JavaScript (KJS), como el usado en Konqueror en KDE 3.5.5, permite a atacantes remotos provocar una denegación de servicio (caída) accediendo al contenido de un iframe con un URL ftp:// en el atributo src, probablemente debido a una referencia a un puntero nulo. • https://www.exploit-db.com/exploits/29713 http://bindshell.net/advisories/konq355 http://bindshell.net/advisories/konq355/konq355-patch.diff http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052793.html http://secunia.com/advisories/27108 http://securityreason.com/securityalert/2345 http://www.mandriva.com/security/advisories?name=MDKSA-2007:054 http://www.redhat.com/support/errata/RHSA-2007-0909.html http://www.securityfocus.com/archive/1/461897/100/0/threaded http:/&#x • CWE-399: Resource Management Errors •

CVSS: 7.8EPSS: 3%CPEs: 26EXPL: 0

KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. KMail 1.9.5 y anteriores no utiliza adecuadamente el argumento --status-fd al invocar a GnuPG, lo cual provoca que KMail no distinga visualmente entre trozos firmados y no firmados de mensajes OpenPGP con múltiples componentes, lo cual permite a atacantes remotos falsificar el contenido de un mensaje si ser detectado. • http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html http://secunia.com/advisories/24413 http://securityreason.com/securityalert/2353 http://www.coresecurity.com/?action=item&id=1687 http://www.securityfocus.com/archive/1/461958/100/0/threaded http://www.securityfocus.com/archive/1/461958/30/7710/threaded http://www.securityfocus.com/bid/22759 http://www.securitytracker.com/id?1017727 http://www.vupen.com/english/advisories/2007/0835 •

CVSS: 2.6EPSS: 6%CPEs: 1EXPL: 0

The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. La biblioteca HTML KDE (kdelibs), como es usado en Konqueror versión 3.5.5, no analiza de manera apropiada los comentarios HTML, lo que permite a los atacantes remotos conducir ataques de tipo Cross-Site Scripting (XSS) y omitir algunos esquemas de protección XSS mediante la incorporación de ciertas etiquetas HTML en un comentario en una etiqueta title, un problema relacionado con CVE-2007-0478. • http://osvdb.org/32975 http://secunia.com/advisories/23932 http://secunia.com/advisories/24013 http://secunia.com/advisories/24065 http://secunia.com/advisories/24442 http://secunia.com/advisories/24463 http://secunia.com/advisories/24889 http://secunia.com/advisories/27108 http://securitytracker.com/id?1017591 http://www.gentoo.org/security/en/glsa/glsa-200703-10.xml http://www.kde.org/info/security/advisory-20070206-1.txt http://www.mandriva.com/security/advisories? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 6%CPEs: 17EXPL: 1

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. La especificación de Adobe PDF versión 1.3, implementada por (a) xpdf versión 3.0.1 parche 2, (b) kpdf en KDE anterior a versión 3.5.5, (c) poppler anterior a versión 0.5.4, y otros productos, permite a los atacantes remotos tener un impacto desconocido, posiblemente incluyendo la denegación de servicio (bucle infinito), ejecución de código arbitraria, o corrupción de memoria , por medio de un archivo PDF con un (1) diccionario de catálogo creado o (2) un atributo Pages creado que hace referencia a un nodo de árbol de páginas no válido. • http://docs.info.apple.com/article.html?artnum=305214 http://projects.info-pull.com/moab/MOAB-06-01-2007.html http://secunia.com/advisories/23791 http://secunia.com/advisories/23799 http://secunia.com/advisories/23808 http://secunia.com/advisories/23813 http://secunia.com/advisories/23815 http://secunia.com/advisories/23839 http://secunia.com/advisories/23844 http://secunia.com/advisories/23876 http://secunia.com/advisories/24204 http://secunia.com/advisories/24479 http • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 11%CPEs: 4EXPL: 2

KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow. KsIRC 1.3.12 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una cadena PRIVMSG larga cuando se conecta a un servidor retransmisor de Chat de Internet(IRC), lo que provoca que falle una aserción y se produzca una referencia a puntero NULL. NOTA: esta vulnerabilidad se documentó originalmente como un desbordamiento de búfer . • https://www.exploit-db.com/exploits/3023 http://osvdb.org/33443 http://security.gentoo.org/glsa/glsa-200701-26.xml http://securitytracker.com/id?1017453 http://www.addict3d.org/index.php?page=viewarticle&trace=0&type=security&ID=8468 http://www.kde.org/info/security/advisory-20070109-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2007:009 http://www.securityfocus.com/archive/1/456379/100/0/threaded http://www.securityfocus.com/bid/21790 http://www.ubuntu • CWE-617: Reachable Assertion •