exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 85 RSS Feed

Files

Konqueror 4.7.3 Memory Corruption
Posted Oct 31, 2012
Authored by Tim Brown | Site nth-dimension.org.uk

Konqueror version 4.7.3 suffers from a number of memory corruption vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2012-4512, CVE-2012-4513, CVE-2012-4514, CVE-2012-4515
SHA-256 | e553338547e8f9516a41ca14cb1fb5ac3c1728638db05b0a8e2505e5ba2cfb72

Related Files

Mandriva Linux Security Advisory 2007.075
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Andreas Nolden discover a bug in qt4, where the UTF8 decoder does not reject overlong sequences, which can cause "/../" injection or (in the case of konqueror) a "<script>" tag injection.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-0242
SHA-256 | 0b26304591fe00b486f621eb4c734a5eea529f95198f336d0ce40f73f71371d5
Mandriva Linux Security Advisory 2007.074
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Andreas Nolden discover a bug in qt3, where the UTF8 decoder does not reject overlong sequences, which can cause "/../" injection or (in the case of konqueror) a "<script>" tag injection.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-0242
SHA-256 | 751458df85bc6e3a4fa9a490bc0695145ebb0526567276a22e074acfcad89074
Mandriva Linux Security Advisory 2007.072
Posted Apr 2, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in a FTP PASV command.

tags | advisory, remote, protocol
systems | linux, mandriva
advisories | CVE-2007-1564
SHA-256 | ee68a1f822a62c0a2935ff787c003d60672b64d36193c73cfe7b0f3f19b7173e
Ubuntu Security Notice 447-1
Posted Apr 2, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 447-1 - It was discovered that Konqueror did not correctly handle iframes from JavaScript. If a user were tricked into visiting a malicious website, Konqueror could crash, resulting in a denial of service. A flaw was discovered in how Konqueror handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user's network, leading to private information disclosure.

tags | advisory, remote, denial of service, javascript, info disclosure
systems | linux, ubuntu
advisories | CVE-2007-1308, CVE-2007-1564
SHA-256 | 6f30ca5735d1ecd628e6f21841d5317e2f615139bfb316fc832a3e7b06e07d35
KDE Security Advisory 2007-03-26.1
Posted Mar 28, 2007
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The KDE FTP ioslave parses the host address in the PASV response of a FTP server response. mark from bindshell.net pointed out that this could be exploited via JavaScript for automated port scanning. It was not possible to demonstrate the vulnerability via JavaScript with Konqueror from KDE 3.5.x. However, other scenarios are possible. Systems affected are KDE up to and including KDE version 3.5.6.

tags | advisory, javascript
advisories | CVE-2007-1564
SHA-256 | 11a8b2185f26494437aee4a5b794dd9dfc7df3072b51c8db1a96b3d190915204
Mandriva Linux Security Advisory 2007.054
Posted Mar 9, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.

tags | advisory, remote, denial of service, javascript
systems | linux, mandriva
advisories | CVE-2007-1308
SHA-256 | 151bc594bf49a8d4c06b8d0066b3308be2e049c336aacb3b9f336c29486f9541
konq-dos.txt
Posted Mar 8, 2007
Authored by mark | Site bindshell.net

Konqueror crashes if Javascript code tries to read the source of a child iframe when it is set to a ftp:// URL.

tags | advisory, denial of service, javascript
SHA-256 | ffbeac05613ea571f4126734b453bc72f30bdd4b66c8470af2cfc41577833dd9
NDSA20070206.txt.asc
Posted Feb 8, 2007
Authored by Tim Brown | Site nth-dimension.org.uk

Nth Dimension Security Advisory (NDSA20070206) - The FreeProxy HTTP proxy server suffers from a denial of service condition which causes the server to hang. This occurs when an attacker makes a request for the hostname/portnumber combination in use by the server itself.

tags | advisory, web, denial of service
SHA-256 | c7b12f6799051d5027341db08ed250fa1d21493fba113dbb006a7fc84bbdda28
Ubuntu Security Notice 420-1
Posted Feb 8, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 420-1 - Jose Avila III and Robert Tasarz discovered that the KDE HTML library did not correctly parse HTML comments inside the "title" tag. By tricking a Konqueror user into visiting a malicious website, an attacker could bypass cross-site scripting protections.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2007-0537
SHA-256 | 8c17e44af51cc760d19a656310e66096e4ed218eb06df338db24e90bbd00b6f5
Mandriva Linux Security Advisory 2007.031
Posted Feb 6, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - FIXME Konqueror 3.5.5 does not properly parse HTML comments in title tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment, a related issue to CVE-2007-0478.

tags | advisory, remote, xss
systems | linux, mandriva
advisories | CVE-2007-0478, CVE-2007-0537
SHA-256 | 851720883aa79e0a8bee69fbeda498c78c19f0a54b306d8e270b0bd87cd1eacd
Secunia Security Advisory 23932
Posted Jan 27, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in Konqueror, which can potentially exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 6c669fe5d7e7cd96b785f695774ba235773193e1517124884a2a9a00cdcf57f1
Mandriva Linux Security Advisory 2006.227
Posted Dec 12, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2006-6297
SHA-256 | da1868ee50acc326997dc3fd859be00a6f61c1dddcd95047aa9f6596928656cf
Mandriva Linux Security Advisory 2006.187
Posted Oct 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-187: An integer overflow was discovered in the way that Qt handled pixmap images. This flaw could be exploited by a remote attacker in a malicious website that, when viewed by an individual using an application that uses Qt (like Konqueror), would cause it to crash or possibly execute arbitrary code with the privileges of the user.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
SHA-256 | 88cbe33bbc5f6a69752cb29e2e256cae7857261c5c3921cca8f4db01499eef28
Mandriva Linux Security Advisory 2006.186
Posted Oct 24, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-186: A vulnerability was discovered in the way that Qt handled pixmap images and the KDE khtml library used Qt in such a way that untrusted parameters could be passed to Qt, resulting in an integer overflow. This flaw could be exploited by a remote attacker in a malicious website that, when viewed by an individual using Konqueror, would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the user.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
SHA-256 | 9f6d4da34fae459c68dab5c764226d2aae4e449beea2b0f573e368436b78b554
konqueror3.5-latest.txt
Posted Oct 20, 2006
Authored by Georgi Guninski

POC for a possible integer overflow bug in konqueror 3.5-latest.

tags | exploit, overflow
SHA-256 | 00263bb5a228545e88b8e05dee01534319248a7271970aec28977e1612e8fbe9
Ubuntu Security Notice 322-1
Posted Jul 26, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 322-1 - A Denial of Service vulnerability has been reported in the replaceChild() method in KDE's DOM handler. A malicious remote web page could exploit this to cause Konqueror to crash.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2006-3472
SHA-256 | 92238ad599a2e708ed8a3a4b773b440b56203bc2b5f20456818c8867e272f827
NDSA20060705.txt
Posted Jul 24, 2006
Authored by Tim Brown | Site nth-dimension.org.uk

Nth Dimension Security Advisory (NDSA20060705) - The IPCalc CGI wrapper version 0.40 is vulnerable to Javascript injection within the request URL.

tags | advisory, cgi, javascript
SHA-256 | 513ab8a7e34357e669b4f147dd257356d71af53e3132e6abbcdb05f40e3bba13
Mandriva Linux Security Advisory 2006.130
Posted Jul 24, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-130 - KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2006-3672
SHA-256 | 05f74c5ea94305a4651692b41b90b6951f6a118600d25126dca3386ed10349ba
karpion-0.1.0.tar.bz2
Posted Apr 29, 2006
Authored by Meni Livne | Site opdb.berlios.de

Konqueror Anti-Phishing Toolbar is an add-on for the Konqueror browser that utilizes the Open Phishing Database to provide the user with information and tools that help protect against phishing.

SHA-256 | 8778511b8024af36f5d5cfc1b3f0fb7f937f88a430645b938233ab1b5dfbaf4e
FLSA-2006-178606.txt
Posted Mar 21, 2006
Site fedoralegacy.org

Fedora Legacy Update Advisory - The International Domain Name (IDN) support in the Konqueror browser allowed remote attackers to spoof domain names using punycode encoded domain names. Such domain names are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

tags | advisory, remote, spoof
systems | linux, fedora
SHA-256 | ee6f50d49649eced00d8838ca76b59d9bfb34379acdb09d9b6ecab2c83abde88
SUSE-SA-2006-003.txt
Posted Jan 26, 2006
Authored by Ludwig Nussel | Site suse.com

SUSE Security Announcement - Maksim Orlovich discovered a bug in the JavaScript interpreter used by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow that causes the browser to crash or execute arbitrary code. Attackers could trick users into visiting specially crafted web sites that exploit this bug (CVE-2006-0019).

tags | advisory, web, overflow, arbitrary, javascript
systems | linux, suse
SHA-256 | c28d6c9ffd4342fd4f859e8dacce3e1f2ad0b7d4b783c8275b49a9b1289f642e
Ubuntu Security Notice 245-1
Posted Jan 25, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-245-1 - Maksim Orlovich discovered that kjs, the Javascript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow. By tricking an user into visiting a web site with malicious JavaScript code, a remote attacker could exploit this to execute arbitrary code with user privileges.

tags | advisory, remote, web, overflow, arbitrary, javascript
systems | linux, ubuntu
SHA-256 | 137d1369fa980e9e557cf30490ce57d1b20d218f248ea94f0754accf74da61c1
kde-20060119-1.txt
Posted Jan 25, 2006
Authored by KDE | Site kde.org

KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability - Maksim Orlovich discovered an incorrect bounds check in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences.

tags | advisory, overflow, javascript
SHA-256 | de2920898469668b8477e01dd441a86ad76defc9f97dee827f74e04b4fc113f6
Debian Linux Security Advisory 948-1
Posted Jan 22, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 948-1 - Maksim Orlovich discovered that kjs, the Javascript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow.

tags | advisory, overflow, javascript
systems | linux, debian
SHA-256 | 0781f0a400bb0e5aeefb472bce0a90842a82fff9a9b06bf448e712f6c98cc614
usn-245-1.txt
Posted Jan 22, 2006
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-245-1 - Maksim Orlovich discovered that kjs, the Javascript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow.

tags | advisory, overflow, javascript
systems | linux, ubuntu
SHA-256 | 137d1369fa980e9e557cf30490ce57d1b20d218f248ea94f0754accf74da61c1
Page 3 of 4
Back1234Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close