CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2007-3820 affects Konqueror (Konqueror 3.5.7) via konq_combo.cc: remote attacker can spoof the data: URI in the address bar by sending a long URI with trailing whitespace, causing the start of the URI to be hidden. This is a Konqueror/address-bar spoofing flaw. Public advisories exist (e.g., ...

2.6CVSS6AI score0.01182EPSS

Exploits0References26Affected Software1

Tenable Nessus•added 2004/09/29 12:0 a.m.•36 views

Debian DSA-155-1 : kdelibs - privacy escalation with Konqueror

Due to a security engineering oversight, the SSL library from KDE, which Konqueror uses, doesn't check whether an intermediate certificate for a connection is signed by the certificate authority as safe for the purpose, but accepts it when it is signed. This makes it possible for anyone with a...

7.5CVSS5.3AI score0.02398EPSS

Exploits1References2

Cvelist•added 2004/09/01 4:0 a.m.•19 views

CVE-2002-1152

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing...

6.6AI score0.01427EPSS

Exploits0References5

Cvelist•added 2004/06/08 4:0 a.m.•20 views

CVE-2004-0527

KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack...

6.6AI score0.02828EPSS

Exploits1References3

NVD•added 2003/08/27 4:0 a.m.•18 views

CVE-2003-0459

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites...

5CVSS6.7AI score0.01525EPSS

Exploits0References10

RedHat Linux•added 2003/07/30 8:48 p.m.•53 views

Moderate: Red Hat Security Advisory: kdelibs security update

This erratum provides updated KDE packages that resolve a security issue in Konquerer. KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager for the K Desktop Environment. George Staikos reported that Konqueror may inadvertently send authentication...

5CVSS5.8AI score0.01525EPSS

Exploits0References3

securityvulns•added 2003/07/30 12:0 a.m.•44 views

KDE Security Advisory: Konqueror Referrer Authentication Leak

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: Konqueror Referer Leaking Website Authentication Credentials Original Release Date: 2003-07-29 URL: http://www.kde.org/info/security/advisory-20030729-1.txt 0. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-04...

5CVSS0.6AI score0.01525EPSS

Exploits0

NVD•added 2003/06/16 4:0 a.m.•19 views

CVE-2003-0370

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name CN field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack...

7.5CVSS6.4AI score0.00942EPSS

Exploits0References8

NVD•added 2002/10/11 4:0 a.m.•17 views

CVE-2002-1152

7.5CVSS6.6AI score0.01427EPSS

Exploits0References5