CVSS: 7.5EPSS: 2%CPEs: 27EXPL: 0CVE-2004-0746
https://notcve.org/view.php?id=CVE-2004-0746
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. Konqueror en KDE 3.2.3 Y anteriores pemiten a sitios web establecer cookies para dominios de nivel superior específicos de países, como ltd.uk o com.es, lo que podría permitir a atacantes remotos realizar un ataque de fijación de sesión y secuestrar una sesión HTTP de un usuario. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 http://marc.info/?l=bugtraq&m=109327681304401&w=2 http://secunia.com/advisories/12341 http://www.kde.org/info/security/advisory-20040823-1.txt http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086 http://www.securityfocus.com/bid/10991 https://exchange.xforce.ibmcloud.com/vulnerabilities/17063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281 https://access& •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2004-0689
https://notcve.org/view.php?id=CVE-2004-0689
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. KDE 3.3.0 no maneja adecuadamente ciertos enlaces simbólicos que apuntan a localizaciones "gastadas", lo que podría permitir a usaurios locales crear o truncar ficheros arbitrarios. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 http://marc.info/?l=bugtraq&m=109225538901170&w=2 http://secunia.com/advisories/12276 http://security.gentoo.org/glsa/glsa-200408-13.xml http://www.debian.org/security/2004/dsa-539 http://www.kde.org/info/security/advisory-20040811-1.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/16963 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334 https://access.redhat.com/se • CWE-59: Improper Link Resolution Before File Access ('Link Following') •