CVSS: 7.5 • EPSS: 2% • CPEs: 1 • EXPL: 2

15 Nov 2007 — KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. • https://www.exploit-db.com/exploits/30763 • CWE-399: Resource Management Errors

CVSS: 7.5 • EPSS: 2% • CPEs: 1 • EXPL: 2

08 Aug 2007 — Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/30444

CVSS: 7.5 • EPSS: 5% • CPEs: 24 • EXPL: 4

18 Jul 2006 — KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. • https://www.exploit-db.com/exploits/28220

CVSS: 6.4 • EPSS: 0% • CPEs: 23 • EXPL: 0

31 Dec 2005 — Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html

CVSS: 7.5 • EPSS: 3% • CPEs: 28 • EXPL: 2

10 Dec 2004 — Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://marc.info/?l=bugtraq&m=110296048613575&w=2

CVSS: 8.1 • EPSS: 4% • CPEs: 27 • EXPL: 0

24 Sep 2004 — Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. • http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 8.1 • EPSS: 3% • CPEs: 27 • EXPL: 0

16 Sep 2004 — Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109536612321898&w=2

CVSS: 7.5 • EPSS: 0% • CPEs: 18 • EXPL: 0

16 Sep 2004 — KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." • http://securityfocus.com/archive/1/375407

CVSS: 6.5 • EPSS: 5% • CPEs: 12 • EXPL: 2

08 Jun 2004 — KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. • https://www.exploit-db.com/exploits/24136

CVSS: 9.8 • EPSS: 6% • CPEs: 1 • EXPL: 0

20 May 2004 — The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')