CVSS: 4.3 | EPSS: 1% | CPEs: 2 | EXPL: 0

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

• http://nils.toedtmann.net/pub/subjectAltName.txt
• http://securityreason.com/securityalert/3498
• http://www.securityfocus.com/archive/1/483929/100/100/threaded
• http://www.securityfocus.com/archive/1/483937/100/100/threaded
• http://www.securityfocus.com/archive/1/483960/100/100/threaded

CVSS: 4.3 | EPSS: 3% | CPEs: 1 | EXPL: 2

Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

• https://www.exploit-db.com/exploits/30444
• http://downloads.securityfocus.com/vulnerabilities/exploits/25170.html
• http://osvdb.org/42552
• http://www.securityfocus.com/archive/1/475266/100/0/threaded
• http://www.securityfocus.com/bid/25170

CVSS: 4.3 | EPSS: 1% | CPEs: 1 | EXPL: 0

KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.

• http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html
• http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
• http://secunia.com/advisories/26351
• http://secunia.com/advisories/26612
• http://secunia.com/advisories/26690
• http://secunia.com/advisories/26720
• http://secunia.com/advisories/27089
• http://secunia.com/advisories/27090
• http://secunia.com/advisories/27096
• http://secunia.com/advisories/27106
• http://secunia.com/advisories/27108
• http:/
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 6.8 | EPSS: 2% | CPEs: 1 | EXPL: 0

Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.

• http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html
• http://secunia.com/advisories/26351
• http://secunia.com/advisories/26612
• http://secunia.com/advisories/26690
• http://secunia.com/advisories/26720
• http://secunia.com/advisories/27089
• http://secunia.com/advisories/27096
• http://securityreason.com/securityalert/2982
• http://securitytracker.com/id?1018579
• http://www.kde.org/info/security/advisory-20070816-1.txt
• http://www.mandriva.com/security/advisories?name=MDKSA-

CVSS: 2.6 | EPSS: 2% | CPEs: 1 | EXPL: 0

konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.

• http://alt.swiecki.net/oper1.html
• http://osvdb.org/37242
• http://secunia.com/advisories/26091
• http://secunia.com/advisories/26612
• http://secunia.com/advisories/26720
• http://secunia.com/advisories/27089
• http://secunia.com/advisories/27090
• http://secunia.com/advisories/27096
• http://secunia.com/advisories/27106
• http://secunia.com/advisories/27108
• http://securityreason.com/securityalert/2905
• http://www.kde.org/info/security/advisory-20070816-1.txt
• http://www.mandriva.com/