Page 30 of 266 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Opera 9 y 10 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a través de feeds (1) RSS o (2) Atom, relacionado con el renderizado de contenido del tipo application/rss+xml como "contenido de secuencias de comandos". NOTA: El fabricante considera esto como una "característica de diseño" y no una vulnerabilidad. • http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more http://www.securityfocus.com/archive/1/506517/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 105EXPL: 1

Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." El navegador Opera anterior a la versión 10.01 no restringe de manera apropiada el HTML en un (1) RSS o (2) Atom feed, que permite a los atacantes remotos realizar ataques de tipo Cross-Site Scripting (XSS), y realizar ataques de tipo cross-zone scripting, que involucran la página Feed Subscription, para leer feeds o crear subscripciones feed, por medio de un feed creado, relacionado con la representación del tipo de contenido application/rss+xml como "scripted content." • http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html http://secunia.com/advisories/37182 http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads http://www.opera.com/docs/changelogs/mac/1001 http://www.opera.com/docs/changelogs/unix/1001 http://www.opera.com/docs/changelogs/windows/1001 http://www.opera.com/support/kb/view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 86EXPL: 1

Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. Opera v9.52 y anteriores permite a atacantes remotos producir una denegación de servicio (navegador inutilizado), mediante una llamada en bucle a la función window.print, también conocido como "ataque DoS de impresión", posiblemente relacionado con CVE-2009-0821. • https://www.exploit-db.com/exploits/12509 http://websecurity.com.ua/2456 http://www.securityfocus.com/archive/1/506328/100/100/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6350 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 110EXPL: 0

Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828. Opera v9.52 y anteriores permite a atacantes remotos producir una denegación de servicio (consumo de CPU) a través de series de envíos automáticos de un formulario que contiene un elemento generador de claves, una vulnerabilidad relacionada con CVE-2009-1828. • http://websecurity.com.ua/3194 http://www.securityfocus.com/archive/1/506328/100/100/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6358 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 114EXPL: 0

Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Opera anterior v10.00 no maneja apropiadamente (1) caracter '\0' o (2)el carácter comodín invalido en el nombre de dominio en el campo Common Name (CN) de un certificado X.509, lo cual permite a atacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores SSL a su elección a través de certificados manipulados expedidos por una Autoridad de Certificación legítima. • http://www.opera.com/docs/changelogs/freebsd/1000 http://www.opera.com/docs/changelogs/linux/1000 http://www.opera.com/docs/changelogs/mac/1000 http://www.opera.com/docs/changelogs/solaris/1000 http://www.opera.com/docs/changelogs/windows/1000 http://www.opera.com/support/kb/view/934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6444 • CWE-310: Cryptographic Issues •