RSS   Vulnerabilities for 'Konqueror embedded'   RSS

2004-04-15
 
CVE-2003-0592

 

 
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

 
2003-08-27
 
CVE-2003-0459

 

 
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

 
2003-06-16
 
CVE-2003-0370

 

 
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

 
2003-06-09
 
CVE-2003-0355

 

 
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.

 

 >>> Vendor: KDE 49 Products
K-mail
KDE
Kde beta 3
KVT
KTV
Kdeutils
Konqueror
Klisa
Kopete
Konqueror embedded
Kdebase
Kdelibs
Koffice
KPDF
Dcopserver
Desktop communication protocol daemon
Kmail
Quanta
Kdegraphics
Kword
ARTS
Libkhtml
Ksirc
Amarok
Kmplayer
Kde sc
KGET
Kcheckpass
Kde pim
Kde-workspace
ARK
Trojita
Kauth
Kde-runtime
Kio-extras
Plasma-desktop
Kde applications
Plasma-workspace
Kde frameworks
Karchives
Kscreenlocker
Kde-cli-tools
KIO
Messagelib
Okular
Ktexteditor
Partition manager
Kimageformats
KATE


Copyright 2024, cxsecurity.com

 

Back to Top