8 matches found
SUSE CVE-2007-1564
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response...
Scientific Linux Security Update : kdelibs on SL5.x, SL4.x i386/x86_64
Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. CVE-2007-0242, CVE-2007-0537 A flaw was found in KDE JavaScript implementation. A web page containing...
SuSE 10 Security Update : kdelibs3 (ZYPP Patch Number 3053)
A bug in KHTML could be exploited to conduct cross site scripting XSS attacks. CVE-2007-0537 Another bug allowed attackers to abuse the FTP passive mode for portscans. CVE-2007-1564 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...
SuSE 10 Security Update : kdelibs3,kdelibs3-devel,CVE-2007-1564 (ZYPP Patch Number 3988)
A bug in konqueror allowed attackers to abuse the FTP passive mode for portscans. CVE-2007-1564 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid29483;...
Ubuntu 5.10 / 6.06 LTS / 6.10 : kdelibs vulnerabilities (USN-447-1)
It was discovered that Konqueror did not correctly handle iframes from JavaScript. If a user were tricked into visiting a malicious website, Konqueror could crash, resulting in a denial of service. CVE-2007-1308 A flaw was discovered in how Konqueror handled PASV FTP responses. If a user were...
Moderate: Red Hat Security Advisory: kdelibs security update
Updated kdelibs packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment KDE. Two...
Moderate: kdelibs security update
3.5.4-13.el5.0.1 - Remove Version branding - Maximum rpm trademark logos removed pics/crystalsvg/-mime-rpm 3.5.4-13.el5 - Resolves: 293571 CVE-2007-0537 Konqueror improper HTML comment rendering CVE-2007-1564 FTP protocol PASV design flaw affects konqueror 3.5.4-12.el5 - resolves: 293421,...
CVE-2007-1564
CVE-2007-1564 concerns Konqueror 3.5.5’s FTP protocol handling. The vulnerability arises when a remote FTP server supplies an overly crafted PASV response, which can force the Konqueror client to connect to arbitrary servers. This behavior could enable a nearby attacker to perform a proxied port-...