33 matches found
CVE-2002-0970
Technical details about CVE-2002-0970 (affected software, affected component, exploit vectors, or fixes) are not provided in the connected documents. Monitor for updates from vendors and security advisories.
CVE-2004-0411
CVE-2004-0411 describes improper filtering of leading '-' characters in hostname fields within telnet, rlogin, ssh, and mailto URI handlers in KDE/KDelibs up to version prior to 3.2.2 (and earlier). The vulnerability allows remote attackers to influence the options passed to the invoked programs,...
CVE-2004-0867
CVE-2004-0867 affects Mozilla Firefox 0.9.2 by allowing websites to set cookies for country-specific top‑level domains (e.g., .ltd.uk, .plc.uk, .sch.uk), which could enable a session‑fixation attack and session hijack. The note indicates 2.x may also be affected. Technical details in the provided...
CVE-2004-0721
CVE-2004-0721 affects Konqueror 3.1.3, 3.2.2 (and possibly other versions) where a frame in one domain can inject content into a frame in another domain, enabling web site spoofing and related attacks. The vulnerability stems from insufficient cross-domain frame isolation, as described in KDE/SUS...
CVE-2005-0237
The CVE-2005-0237 issue affects Konqueror 3.2.1 (KDE 3.2.1): IDN support allows spoofing of domain names using punycode/homograph characters in URLs and SSL certificates, enabling phishing. Mitigation is to install the KDE/kdelibs3 security updates referenced by multiple advisories (e.g., SUSE-SA...
CVE-2004-1165
CVE-2004-1165 affects Konqueror 3.3.1, where a crafted ftp:// URL containing a URL-encoded newline (%0a) can inject FTP commands (e.g., PORT) into the session. Exploitation would occur via remote interaction with the FTP handling code within Konqueror. Public advisories reference kdelibs/kdebase ...
CVE-2007-1308
CVE-2007-1308 affects KDE Konqueror's JavaScript engine (KJS) in KDE 3.5.5, allowing a remote user to cause a denial of service (crash) by loading an iframe with an ftp:// URI in the src attribute (NULL pointer dereference). Concrete details and affected components are documented in connected adv...
CVE-2003-0592
CVE-2003-0592 affects KDE’s kdelibs (Konqueror) up to version 3.1.3. The flaw lets remote attackers bypass cookie-path restrictions by using encoded relative path components (e.g., /.. or %2e%2e) in a URL, causing cookies to be sent to a path outside the intended subset and potentially to another...
CVE-2004-0866
CVE-2004-0866 involves Internet Explorer 6.0. The vulnerability allows websites to set cookies for country‑specific top‑level domains (e.g., .ltd.uk, .plc.uk, .sch.uk), which could enable a remote attacker to perform a session fixation attack and hijack a user’s HTTP session. The provided documen...
CVE-2007-0537
CVE-2007-0537 affects KDE kdelibs (used by Konqueror 3.5.5); the vulnerability arises from improper parsing of HTML comments, enabling remote XSS and bypassing some protections by embedding certain tags within a comment in a title tag. Documented in multiple advisories (Mandrake/MDKSA, RHSA, Open...
CVE-2007-2164
CVE-2007-2164 affects Konqueror 3.5.5 (release 45.4). The issue is a denial of service caused by JavaScript that matches a regex against a long string, demonstrated with /(.)*/. The vulnerability arises in the browser’s handling of such regex patterns, potentially leading to a crash or abort. Con...
CVE-2002-1151
CVE-2002-1151 affects Konqueror in KDE 2.2.2 and 3.0–3.0.3, where Konqueror’s cross-site scripting protection fails to correctly initialize domains on sub-frames/sub-iframes. This can allow remote attackers to run script and steal cookies from subframes that are in other domains. The issue is tie...
CVE-2004-1158
CVE-2004-1158 affects Konqueror 3.x up to 3.2.2-6 (and possibly other versions). The vulnerability, described as a window-injection issue, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab that resides in a different domain, demo...
CVE-2007-6591
CVE-2007-6591 affects KDE Konqueror 3.5.5 and 3.95.00. When a user accepts an SSL certificate based on the CN in the DN, Konqueror also treats it as valid for all names in subjectAltName:dNSName, even though SANs cannot be examined in the product. This enables attackers to trick users into accept...
CVE-2009-2537
CVE-2009-2537 describes a denial of service in KDE Konqueror caused by processing a very large integer for the length property of a Select element. The issue is tied to the WebKit/KHTML stack used by Konqueror and results in memory exhaustion on remote providers. Connected advisories (e.g., Mandr...
CVE-2004-0746
CVE-2004-0746 affects Konqueror in KDE 3.2.3 and earlier. The issue allows a remote attacker to cause a web site to set cookies for country-specific top‑level domains (for example .ltd.uk, .plc.uk, .firm.in), enabling a session fixation attack and potential HTTP session hijacking. Connected docum...
CVE-2007-4224
CVE-2007-4224 affects KDE Konqueror 3.5.7, describing a remote-address-bar spoof in which an attacker can spoof the URL by calling setInterval with a short interval and changing window.location. The vulnerability targets Konqueror’s handling of the address bar and is documented alongside related ...
CVE-2007-4225
CVE-2007-4225 affects KDE Konqueror 3.5.7. It is a visual truncation vulnerability that lets remote attackers spoof the URL address bar using an http URI with excessive whitespace in the user/password portion. CVSS data indicates network access, no authentication, and partial impact on confidenti...
CVE-2007-3143
CVE-2007-3143 affects Konqueror 3.5.5. The issue is a visual truncation vulnerability in the address bar: when a long hostname is shown, it is truncated, which can allow remote attackers to spoof the URL and potentially conduct phishing attacks (notably demonstrated via HTTP Basic Authentication)...
CVE-2003-0459
CVE-2003-0459 affects KDE Konqueror up to version 3.1.2, where credentials in URLs of the form user:password@host in the HTTP-Referer header are not removed. This may allow remote websites to steal user credentials for pages that link to them. The issue is a Kotlin? (not applicable) credential le...
CVE-2007-3820
CVE-2007-3820 affects Konqueror (Konqueror 3.5.7) via konq_combo.cc: remote attacker can spoof the data: URI in the address bar by sending a long URI with trailing whitespace, causing the start of the URI to be hidden. This is a Konqueror/address-bar spoofing flaw. Public advisories exist (e.g., ...
CVE-2008-5712
The CVE-2008-5712 issue affects KDE Konqueror 3.5.9 where the HTML parser can trigger a denial of service (application crash) by parsing overly long attributes: (1) COLOR in HR, and (2) BGCOLOR or BORDERCOLOR in TABLE, TD, or TR elements. The FONT vector is noted as covered by CVE-2008-4514. Root...
CVE-2007-1565
CVE-2007-1565 affects Konqueror 3.5.5. The vulnerability occurs when JavaScript can read a child iframe with an ftp:// URI, allowing remote attackers to cause a denial of service (crash). Affected component is Konqueror’s handling of iframes/JavaScript; root cause is improper handling of FTP-rela...
CVE-2004-0870
CVE-2004-0870 affects KDE Konqueror. The issue: cookies set over HTTP can be seen on HTTPS within the same domain, enabling potential cookie theft and unauthorized activity (Cross Security Boundary Cookie Injection). The core cause is insecure-channel cookies being presented on secure channels fo...
CVE-2005-4684
The vulnerability CVE-2005-4684 affects Konqueror and is caused by the DNS resolver handling a non-root domain in its search list, enabling a cookie to be associated with multiple domains or an attacker to steal cookies for an expanded hostname. The evidence in connected documents confirms the is...
CVE-2007-4229
CVE-2007-4229 affects KDE Konqueror 3.5.7 and earlier. The vulnerability allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, demonstrated by documents containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. Root cause ...
CVE-2008-5698
CVE-2008-5698 affects Konqueror (KDE 3.5.9 and 3.5.10). The vulnerability is described as a denial of service caused by an invalid document.load call that triggers use of a deleted object in HTMLTokenizer::scriptHandler. The issue is a remote-triggered crash and is linked to the use of a deleted ...
CVE-2004-0527
CVE-2004-0527 affects KDE Konqueror 2.1.1 and 2.2.2. The issue allows remote attackers to spoof a legitimate URL in the status bar by using A HREF tags with modified alt values that point to the legitimate site, combined with an image map whose href points to the malicious site, enabling a phishi...
CVE-2008-4382
Affected software: Konqueror in KDE 3.5.9. The vulnerability is triggered by JavaScript calling alert() with a URL-encoded string containing a large number of invalid characters, leading to an application crash (DoS). The supplied documents do not provide a specific patch/version for remediation....
CVE-2006-3672
The CVE-2006-3672 issue affects KDE Konqueror 3.5.1 and earlier, where a remote attacker can cause a denial of service (application crash) by invoking replaceChild on a DOM object, triggering a null dereference (demonstrated by document.replaceChild with a 0 argument). Affected products are KDE K...
CVE-2007-1564
CVE-2007-1564 concerns Konqueror 3.5.5’s FTP protocol handling. The vulnerability arises when a remote FTP server supplies an overly crafted PASV response, which can force the Konqueror client to connect to arbitrary servers. This behavior could enable a nearby attacker to perform a proxied port-...
CVE-2003-1478
CVE-2003-1478 affects Konqueror in KDE 3.0.3. A crafted web page that starts with a 0xFF 0xFE byte sequence and many CRLFs can trigger a denial of service (core dump). Documented example uses freeze.htm. The sources note the vulnerability and impact but do not provide patch/version details or exp...
CVE-2007-6000
CVE-2007-6000 affects KDE Konqueror up to version 3.5.6, allowing remote attackers to trigger a denial of service (crash) by sending large HTTP cookie parameters. Affected software: Konqueror (KDE desktop) prior to 3.5.7(?) with reliance on cookie handling. Root cause details are not extensively ...