CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2007-6000 – KDE Konqueror 3.5.6 - Cookie Handling Denial of Service
https://notcve.org/view.php?id=CVE-2007-6000
15 Nov 2007 — KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. KDE Konqueror 3.5.6 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) mediante parámetros de cookie HTTP grandes. • https://www.exploit-db.com/exploits/30763 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2007-4229 – KDE Konqueror 3.5.7 - Assert Denial of Service
https://notcve.org/view.php?id=CVE-2007-4229
08 Aug 2007 — Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad sin especificar en el KDE Konqueror 3.5.7 y versiones anteriores permite a atacantes remotos provocar un... • https://www.exploit-db.com/exploits/30444 •
CVSS: 7.5EPSS: 5%CPEs: 24EXPL: 4CVE-2006-3672 – KDE Konqueror 3.5.x - ReplaceChild Denial of Service
https://notcve.org/view.php?id=CVE-2006-3672
18 Jul 2006 — KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. KDE Konqueror 3.5.1 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de aplicación) a través de la llamada al método replaceChild sobre un objeto DOM, el cual dispara una referencia NULL, somo se demostró con la ll... • https://www.exploit-db.com/exploits/28220 •
CVSS: 6.4EPSS: 0%CPEs: 23EXPL: 0CVE-2005-4684
https://notcve.org/view.php?id=CVE-2005-4684
31 Dec 2005 — Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 0CVE-2004-0411
https://notcve.org/view.php?id=CVE-2004-0411
20 May 2004 — The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code. Los manejadores de URI en Konqueror de KDE 3.2.2 y anteriores no filtran adecuadamente caractéres "-" en el inicio de un nombre de máquina en URIs (1) telnet, (2) rlogin, (3) ssh,... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 1CVE-2003-0592
https://notcve.org/view.php?id=CVE-2003-0592
16 Mar 2004 — Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Konqueror en KDE 3.1.3 y anteriores (kdelibs) permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicació... • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html •
CVSS: 9.8EPSS: 1%CPEs: 33EXPL: 0CVE-2003-0459
https://notcve.org/view.php?id=CVE-2003-0459
01 Aug 2003 — KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. KDE Konqueror de KDE 3.1.2 y anteriores no elimina los credenciales de autenticación de URLs de la forma "usuario:contraseña@máquina" en la cabecera HTTP-Referer, lo que podría permitir a sitios web remotos robar las credenciales de páginas que enlazan a esos siti... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2003-0370
https://notcve.org/view.php?id=CVE-2003-0370
05 Jun 2003 — Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. Konqueror Embedded y KDE 2.2.2 y anteriores no validan el campo Common Name (CN) en certificados X.509, lo que permitiría que atacantes remotos falsifiquen certificados mediante un ataque "man-in-the-middle". • http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html •