VYPR

Konqueror

by KDE

CVEs (42)

  • CVE-2008-4382 | Oct 2, 2008
    risk 0.00 | cvss | epss 0.01

    Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via JavaScript that calls the alert function with a URL-encoded string of a large number of invalid characters.

  • CVE-2007-6591 | Dec 28, 2007
    risk 0.00 | cvss | epss 0.01

    KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the…

  • CVE-2007-4225 | Aug 8, 2007
    risk 0.00 | cvss | epss 0.02

    Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.

  • CVE-2007-4224 | Aug 8, 2007
    risk 0.00 | cvss | epss 0.02

    KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.

  • CVE-2007-3820 | Jul 17, 2007
    risk 0.00 | cvss | epss 0.03

    konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.

  • CVE-2007-3143 | Jun 11, 2007
    risk 0.00 | cvss | epss 0.02

    Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic…

  • CVE-2007-2164 | Apr 22, 2007
    risk 0.00 | cvss | epss 0.01

    Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

  • CVE-2007-1565 | Mar 21, 2007
    risk 0.00 | cvss | epss 0.01

    Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.

  • CVE-2007-0537 | Jan 29, 2007
    risk 0.00 | cvss | epss 0.02

    The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a…

  • CVE-2005-4684 | Dec 31, 2005
    risk 0.00 | cvss | epss 0.01

    Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or…

  • CVE-2005-0237 | May 2, 2005
    risk 0.00 | cvss | epss 0.02

    The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which…

  • CVE-2004-1158 | Jan 10, 2005
    risk 0.00 | cvss | epss 0.03

    Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a…

  • CVE-2004-1145 | Dec 15, 2004
    risk 0.00 | cvss | epss 0.04

    Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read…

  • CVE-2004-0746 | Oct 20, 2004
    risk 0.00 | cvss | epss 0.02

    Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

  • CVE-2004-0870 | Sep 16, 2004
    risk 0.00 | cvss | epss 0.01

    KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary…

  • CVE-2004-0721 | Jul 27, 2004
    risk 0.00 | cvss | epss 0.02

    Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

  • CVE-2003-0592 | Apr 15, 2004
    risk 0.00 | cvss | epss 0.04

    Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL…

  • CVE-2003-0459 | Aug 27, 2003
    risk 0.00 | cvss | epss 0.03

    KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

  • CVE-2002-2333 | Dec 31, 2002
    risk 0.00 | cvss | epss 0.02

    Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.

  • CVE-2002-1151 | Oct 11, 2002
    risk 0.00 | cvss | epss 0.04

    The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.