Konqueror Security Vulnerabilities and Issues — Konqueror CVE List

Lucene search

KdeKonqueror

8 matches found

CVE•added 2004/09/01 4:0 a.m.•79 views

CVE-2002-0970

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

7.5CVSS6.1AI score0.02398EPSS

CVE•added 2004/12/23 5:0 a.m.•67 views

CVE-2004-0867

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.

7.5CVSS6.9AI score0.04214EPSS

CVE•added 2004/07/07 4:0 a.m.•62 views

CVE-2004-0411

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary...

7.5CVSS7AI score0.06491EPSS

CVE•added 2004/07/27 4:0 a.m.•60 views

CVE-2004-0721

Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

7.5CVSS6.8AI score0.00786EPSS

CVE•added 2004/09/01 4:0 a.m.•55 views

CVE-2002-1151

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.

7.5CVSS6.1AI score0.02789EPSS

CVE•added 2004/04/15 4:0 a.m.•52 views

CVE-2003-0592

Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulne...

7.5CVSS6.4AI score0.00712EPSS

CVE•added 2004/10/20 4:0 a.m.•52 views

CVE-2004-0746

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

7.5CVSS6.7AI score0.01495EPSS

CVE•added 2004/08/06 4:0 a.m.•46 views

CVE-2004-0527

KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

5CVSS7AI score0.02828EPSS