CVSS: 3.1EPSS: 1%CPEs: 1EXPL: 4CVE-2004-2491 – Opera Web Browser 7.53 - Location Replace URI Obfuscation
https://notcve.org/view.php?id=CVE-2004-2491
31 Dec 2004 — A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks. • https://www.exploit-db.com/exploits/24325 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2260
https://notcve.org/view.php?id=CVE-2004-2260
31 Dec 2004 — Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute. • http://secunia.com/advisories/11532 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2004-1201
https://notcve.org/view.php?id=CVE-2004-1201
15 Dec 2004 — Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. • http://marc.info/?l=full-disclosure&m=110141347502530&w=2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2004-1615
https://notcve.org/view.php?id=CVE-2004-1615
18 Oct 2004 — Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme. • http://lcamtuf.coredump.cx/mangleme/gallery •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0537
https://notcve.org/view.php?id=CVE-2004-0537
08 Jun 2004 — Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces. Opera 7.50 y anteriores permite a sitios web remotos suministrar un "Icono de acceso directo" (favicon) que es más ancho de lo esperado, lo que podría permitir a los sitios web suplantar un dominio de confianza y facilitar ataques de phising usando un icono ancho y espac... • http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022263.html •
CVSS: 7.5EPSS: 46%CPEs: 1EXPL: 0CVE-2004-0473
https://notcve.org/view.php?id=CVE-2004-0473
20 May 2004 — Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux. El navegador Web Opera no filtra adecuadamente caractéres "-" en el comienzo de un nombre de máquina en una URI telnet, lo que permite a atacantes remotos insertar opciones en la linea de comandos res... • http://security.gentoo.org/glsa/glsa-200405-19.xml • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.1EPSS: 1%CPEs: 25EXPL: 1CVE-2003-0593
https://notcve.org/view.php?id=CVE-2003-0593
16 Mar 2004 — Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Opera permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicación web mediante secuencias de atravesamiento de directorios "%2e%2e" (punto punto co... • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 55%CPEs: 9EXPL: 1CVE-2002-2311
https://notcve.org/view.php?id=CVE-2002-2311
31 Dec 2002 — Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue. • http://online.securityfocus.com/archive/1/283866 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2001-1245
https://notcve.org/view.php?id=CVE-2001-1245
09 Jul 2001 — Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name. • http://online.securityfocus.com/archive/1/196980 •