19 results (0.004 seconds)

CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 2

KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. KDE Konqueror 3.5.6 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) mediante parámetros de cookie HTTP grandes. • https://www.exploit-db.com/exploits/30763 http://securityreason.com/securityalert/3370 http://www.securityfocus.com/archive/1/483705/100/0/threaded http://www.securityfocus.com/bid/26435 https://exchange.xforce.ibmcloud.com/vulnerabilities/38456 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 3%CPEs: 1EXPL: 2

Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad sin especificar en el KDE Konqueror 3.5.7 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación y afirmación fallida) a través de un HTML mal-formado, como lo demostrado con un documento que contiene las etiquetas TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET y A. NOTA: la procedencia de esta información es desconocida; los detalles se obtienen a partir de la información de terceros. • https://www.exploit-db.com/exploits/30444 http://downloads.securityfocus.com/vulnerabilities/exploits/25170.html http://osvdb.org/42552 http://www.securityfocus.com/archive/1/475266/100/0/threaded http://www.securityfocus.com/bid/25170 •

CVSS: 2.6EPSS: 6%CPEs: 24EXPL: 4

KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. KDE Konqueror 3.5.1 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de aplicación) a través de la llamada al método replaceChild sobre un objeto DOM, el cual dispara una referencia NULL, somo se demostró con la llamada a document.replaceChild con un argumento 0 (zero). • https://www.exploit-db.com/exploits/28220 http://browserfun.blogspot.com/2006/07/mobb-14-konqueror-replacechild.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:130 http://www.osvdb.org/27058 http://www.securityfocus.com/bid/18978 http://www.ubuntu.com/usn/usn-322-1 http://www.vupen.com/english/advisories/2006/2812 https://exchange.xforce.ibmcloud.com/vulnerabilities/27744 •

CVSS: 6.4EPSS: 0%CPEs: 23EXPL: 0

Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html http://www.securityfocus.com/bid/15331 https://exchange.xforce.ibmcloud.com/vulnerabilities/25291 •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 2

The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html http://secunia.com/advisories/14162 http://www.kde.org/info/security/advisory-20050316-2.txt http://www.mandriva.com/security/advisories?name=MDKSA-2005:058 http://www.redhat.com/support/errata/RHSA-2005-325.html http://www.securityfocus.com/archive/1/427976/100/0/threaded http://www.securityfocus.com/bid/12461 http://www •