Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Konqueror
(Kde)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 33 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2007-08-08 | CVE-2007-4225 | Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. | Konqueror | N/A | ||
| 2007-08-08 | CVE-2007-4224 | KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. | Konqueror | N/A | ||
| 2007-07-16 | CVE-2007-3820 | konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | Konqueror | N/A | ||
| 2007-06-11 | CVE-2007-3143 | Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | Konqueror | N/A | ||
| 2007-04-22 | CVE-2007-2164 | Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | Konqueror | N/A | ||
| 2007-03-21 | CVE-2007-1565 | Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI. | Konqueror | N/A | ||
| 2007-03-21 | CVE-2007-1564 | The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | Konqueror | N/A | ||
| 2007-03-06 | CVE-2007-1308 | ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference. | Konqueror | N/A | ||
| 2007-01-29 | CVE-2007-0537 | The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. | Konqueror | N/A | ||
| 2006-07-18 | CVE-2006-3672 | KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. | Konqueror | N/A |