CVSS: 9.8EPSS: 25%CPEs: 35EXPL: 1CVE-2004-1491 – Opera Web Browser 7.54 - 'KDE KFMCLIENT' Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1491
31 Dec 2004 — Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. • https://www.exploit-db.com/exploits/24828 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2004-1201
https://notcve.org/view.php?id=CVE-2004-1201
15 Dec 2004 — Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. • http://marc.info/?l=full-disclosure&m=110141347502530&w=2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-1157
https://notcve.org/view.php?id=CVE-2004-1157
10 Dec 2004 — Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://secunia.com/advisories/13253 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1CVE-2004-1615
https://notcve.org/view.php?id=CVE-2004-1615
18 Oct 2004 — Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme. • http://lcamtuf.coredump.cx/mangleme/gallery •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0872
https://notcve.org/view.php?id=CVE-2004-0872
16 Sep 2004 — Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." • http://securityfocus.com/archive/1/375407 • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2004-0717
https://notcve.org/view.php?id=CVE-2004-0717
23 Jul 2004 — Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Opera 7.51 para Windows y 7.50 para Linux no previene apropiadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantación de sitios web y otros ataques. También conocida como vulnerabilidad de i... • http://secunia.com/advisories/11978 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0537
https://notcve.org/view.php?id=CVE-2004-0537
08 Jun 2004 — Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces. Opera 7.50 y anteriores permite a sitios web remotos suministrar un "Icono de acceso directo" (favicon) que es más ancho de lo esperado, lo que podría permitir a los sitios web suplantar un dominio de confianza y facilitar ataques de phising usando un icono ancho y espac... • http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022263.html •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0473
https://notcve.org/view.php?id=CVE-2004-0473
20 May 2004 — Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux. El navegador Web Opera no filtra adecuadamente caractéres "-" en el comienzo de un nombre de máquina en una URI telnet, lo que permite a atacantes remotos insertar opciones en la linea de comandos res... • http://security.gentoo.org/glsa/glsa-200405-19.xml • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.1EPSS: 0%CPEs: 25EXPL: 1CVE-2003-0593
https://notcve.org/view.php?id=CVE-2003-0593
16 Mar 2004 — Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Opera permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicación web mediante secuencias de atravesamiento de directorios "%2e%2e" (punto punto co... • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 1CVE-2004-2083
https://notcve.org/view.php?id=CVE-2004-2083
11 Feb 2004 — Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing." • http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test •