
CVE-2004-1158
https://notcve.org/view.php?id=CVE-2004-1158
10 Dec 2004 — Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://marc.info/?l=bugtraq&m=110296048613575&w=2 •

CVE-2004-1165 – KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution
https://notcve.org/view.php?id=CVE-2004-1165
10 Dec 2004 — Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. • https://www.exploit-db.com/exploits/24801 •

CVE-2004-0867
https://notcve.org/view.php?id=CVE-2004-0867
24 Sep 2004 — Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. Mozilla Firefox 0.9.2 pemite a sitios web establecer cookies para dominios de nivel superior específicos de países, como .ltd.uk, .plc.uk, y .sch.uk, lo que podría permitir a atacantes remotos realizar ataques de fijac... • http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2004-0866
https://notcve.org/view.php?id=CVE-2004-0866
16 Sep 2004 — Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109536612321898&w=2 •

CVE-2004-0870
https://notcve.org/view.php?id=CVE-2004-0870
16 Sep 2004 — KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." • http://securityfocus.com/archive/1/375407 •

CVE-2004-0746
https://notcve.org/view.php?id=CVE-2004-0746
14 Sep 2004 — Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. Konqueror en KDE 3.2.3 Y anteriores pemiten a sitios web establecer cookies para dominios de nivel superior específicos de países, como ltd.uk o com.es, lo que podría permitir a atacantes remotos realizar un ataque de fijación de sesión y secuestrar una sesión... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 •

CVE-2004-0721
https://notcve.org/view.php?id=CVE-2004-0721
23 Jul 2004 — Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Konqueror 3.1.3, 3.2.2, y posiblemente otras versiones no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantación de sitios web y otros ataques. Vulnerabilidad tam... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 •

CVE-2004-0527 – KDE Konqueror 3.x - Embedded Image URI Obfuscation
https://notcve.org/view.php?id=CVE-2004-0527
08 Jun 2004 — KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. KDE Konqueror 2.1.1 y 2.2.2 permiten a atacantes remotos suplantar URL legítimas en la barra de estado mediante etiquetas A HREF con valores "alt" modificados que apuntan al sitio legítimo, combinado con un mapa de imagen cuyo HR... • https://www.exploit-db.com/exploits/24136 •

CVE-2004-0411
https://notcve.org/view.php?id=CVE-2004-0411
20 May 2004 — The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code. Los manejadores de URI en Konqueror de KDE 3.2.2 y anteriores no filtran adecuadamente caractéres "-" en el inicio de un nombre de máquina en URIs (1) telnet, (2) rlogin, (3) ssh,... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2003-0592
https://notcve.org/view.php?id=CVE-2003-0592
16 Mar 2004 — Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Konqueror en KDE 3.1.3 y anteriores (kdelibs) permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicació... • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html •