Vulnerabilities > KDE > Konqueror > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-06-11 | CVE-2007-3143 | Authentication Server Domain Spoofing vulnerability in KDE Konqueror 3.5.5 | Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | 6.4 |
2007-04-22 | CVE-2007-2164 | Denial-Of-Service vulnerability in KDE Konqueror 3.5.5 | Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | 5.0 |
2007-03-21 | CVE-2007-1564 | Information Exposure vulnerability in KDE Konqueror 3.5.5 | The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | 6.8 |
2007-03-07 | CVE-2007-1308 | Resource Management Errors vulnerability in KDE Konqueror 3.5.5 | ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference. | 4.3 |
2005-12-31 | CVE-2005-4684 | Unspecified vulnerability in KDE Konqueror | Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. | 6.4 |
2005-05-02 | CVE-2005-0237 | Unspecified vulnerability in KDE and Konqueror | The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | 5.0 |
2004-09-16 | CVE-2004-0870 | Remote Security vulnerability in Konqueror | KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | 5.0 |
2004-08-06 | CVE-2004-0527 | Unspecified vulnerability in KDE Konqueror | KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | 5.0 |
2003-12-31 | CVE-2003-1478 | Buffer Errors vulnerability in KDE Konqueror 3.0.3 | Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm. | 4.3 |
2003-08-27 | CVE-2003-0459 | | KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. | 5.0 |