CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2004-0866
https://notcve.org/view.php?id=CVE-2004-0866
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109536612321898&w=2 http://securitytracker.com/id?1011332 http://www.securityfocus.com/bid/11186 https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 •
CVSS: 7.5EPSS: 2%CPEs: 27EXPL: 0CVE-2004-0746
https://notcve.org/view.php?id=CVE-2004-0746
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. Konqueror en KDE 3.2.3 Y anteriores pemiten a sitios web establecer cookies para dominios de nivel superior específicos de países, como ltd.uk o com.es, lo que podría permitir a atacantes remotos realizar un ataque de fijación de sesión y secuestrar una sesión HTTP de un usuario. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 http://marc.info/?l=bugtraq&m=109327681304401&w=2 http://secunia.com/advisories/12341 http://www.kde.org/info/security/advisory-20040823-1.txt http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086 http://www.securityfocus.com/bid/10991 https://exchange.xforce.ibmcloud.com/vulnerabilities/17063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281 https://access& •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2004-0690
https://notcve.org/view.php?id=CVE-2004-0690
The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory. El servidor DCOP en KDE 3.2.3 y anteriores permite a usuarios locales ganar acceso autorizado mediante un ataque de enlaces simbólicos en ficheros DCOP en el directorio /tmp. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 http://marc.info/?l=bugtraq&m=109225538901170&w=2 http://secunia.com/advisories/12276 http://security.gentoo.org/glsa/glsa-200408-13.xml http://www.kb.cert.org/vuls/id/330638 http://www.kde.org/info/security/advisory-20040811-2.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:086 http://www.securityfocus.com/bid/10924 https:/&#x •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2004-0689
https://notcve.org/view.php?id=CVE-2004-0689
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. KDE 3.3.0 no maneja adecuadamente ciertos enlaces simbólicos que apuntan a localizaciones "gastadas", lo que podría permitir a usaurios locales crear o truncar ficheros arbitrarios. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 http://marc.info/?l=bugtraq&m=109225538901170&w=2 http://secunia.com/advisories/12276 http://security.gentoo.org/glsa/glsa-200408-13.xml http://www.debian.org/security/2004/dsa-539 http://www.kde.org/info/security/advisory-20040811-1.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/16963 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334 https://access.redhat.com/se • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2004-0721
https://notcve.org/view.php?id=CVE-2004-0721
Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Konqueror 3.1.3, 3.2.2, y posiblemente otras versiones no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantación de sitios web y otros ataques. Vulnerabilidad también conocida como "de inyección de marco". • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 http://marc.info/?l=bugtraq&m=109225538901170&w=2 http://secunia.com/advisories/11978 http://secunia.com/multiple_browsers_frame_injection_vulnerability_test http://security.gentoo.org/glsa/glsa-200408-13.xml http://www.kde.org/info/security/advisory-20040811-3.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11371 https://acc •