14 matches found
EUVD-2007-1559
Malware in sbrugna...
CVE-2007-3143
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication...
CVE-2007-3143
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication...
Design/Logic Flaw
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication...
CVE-2007-3143
CVE-2007-3143 affects Konqueror 3.5.5. The issue is a visual truncation vulnerability in the address bar: when a long hostname is shown, it is truncated, which can allow remote attackers to spoof the URL and potentially conduct phishing attacks (notably demonstrated via HTTP Basic Authentication)...
CVE-2007-2164
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service browser crash or abort via JavaScript that matches a regular expression against a long string, as demonstrated using /./...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:072)
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in a FTP PASV command. Updated packages have been patched to address thi...
Code injection
Konqueror 3.5.5 allows remote attackers to cause a denial of service crash by using JavaScript to read a child iframe having an ftp:// URI...
Information disclosure
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response...
Konqueror 3.5.5 - JavaScript Read of FTP Iframe Denial of Service
Konqueror 3.5.5 - JavaScript Read of FTP Iframe Denial of Service Demo of how to make Konqueror 3.5.5 crash by [email protected]. Simply load this file in Konqueror. Vulnerable versions should segfault instantly with a null pointer exception. readiframe = functioniframename var banner =...
Konqueror 3.5.5 - JavaScript Read of FTP Iframe Denial of Service
Demo of how to make Konqueror 3.5.5 crash by [email protected]. Simply load this file in Konqueror. Vulnerable versions should segfault instantly with a null pointer exception. readiframe = functioniframename var banner = document.getElementByIdiframename.contentWindow.document.body.innerHTML;...
Cross site scripting
The KDE HTML library kdelibs, as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting XSS attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to...
CVE-2007-0537
The KDE HTML library kdelibs, as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting XSS attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to...
CVE-2007-0537
The KDE HTML library kdelibs, as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting XSS attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to...