Vulnerabilities > KDE > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-04-22 | CVE-2005-0754 | Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. | 7.5 |
2005-01-10 | CVE-2004-1165 | Unspecified vulnerability in KDE Kdelibs and Konqueror Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. | 7.5 |
2005-01-10 | CVE-2004-1158 | Remote Window Hijacking vulnerability in KDE Konqueror Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | 7.5 |
2004-12-23 | CVE-2004-0867 | Permissions, Privileges, and Access Controls vulnerability in multiple products Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | 7.5 |
2004-12-23 | CVE-2004-0803 | Buffer Overflow vulnerability in LibTIFF Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. | 7.5 |
2004-10-20 | CVE-2004-0746 | Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | 7.5 |
2004-09-28 | CVE-2004-0689 | Link Following vulnerability in multiple products KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. | 7.1 |
2004-09-16 | CVE-2004-0866 | Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | 7.5 |
2004-07-27 | CVE-2004-0721 | Unspecified vulnerability in KDE Konqueror 3.1.3/3.2.2 Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | 7.5 |
2004-04-15 | CVE-2003-0592 | Unspecified vulnerability in KDE Konqueror and Konqueror Embedded Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. | 7.5 |