Page 30 of 259 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 105EXPL: 1

CVE-2009-3266

https://notcve.org/view.php?id=CVE-2009-3266

Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." El navegador Opera anterior a la versión 10.01 no restringe de manera apropiada el HTML en un (1) RSS o (2) Atom feed, que permite a los atacantes remotos realizar ataques de tipo Cross-Site Scripting (XSS), y realizar ataques de tipo cross-zone scripting, que involucran la página Feed Subscription, para leer feeds o crear subscripciones feed, por medio de un feed creado, relacionado con la representación del tipo de contenido application/rss+xml como "scripted content." • http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html http://secunia.com/advisories/37182 http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads http://www.opera.com/docs/changelogs/mac/1001 http://www.opera.com/docs/changelogs/unix/1001 http://www.opera.com/docs/changelogs/windows/1001 http://www.opera.com/support/kb/view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 114EXPL: 0

CVE-2009-3044

https://notcve.org/view.php?id=CVE-2009-3044

Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Opera anterior v10.00 no maneja apropiadamente (1) caracter '\0' o (2)el carácter comodín invalido en el nombre de dominio en el campo Common Name (CN) de un certificado X.509, lo cual permite a atacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores SSL a su elección a través de certificados manipulados expedidos por una Autoridad de Certificación legítima. • http://www.opera.com/docs/changelogs/freebsd/1000 http://www.opera.com/docs/changelogs/linux/1000 http://www.opera.com/docs/changelogs/mac/1000 http://www.opera.com/docs/changelogs/solaris/1000 http://www.opera.com/docs/changelogs/windows/1000 http://www.opera.com/support/kb/view/934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6444 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 25EXPL: 0

CVE-2009-3045

https://notcve.org/view.php?id=CVE-2009-3045

Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate. opera anterior a v10.00 confía en los certificados raíz X.509 firmados con el algoritmo MD2, lo que facilita a atacantes hombre-en-el-medio (Man-in-the-middle) suplantar cualquier servidor SSL a través de un certificado de servidor manipulado. • http://www.opera.com/docs/changelogs/freebsd/1000 http://www.opera.com/docs/changelogs/linux/1000 http://www.opera.com/docs/changelogs/mac/1000 http://www.opera.com/docs/changelogs/solaris/1000 http://www.opera.com/docs/changelogs/windows/1000 http://www.opera.com/support/kb/view/933 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6442 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 25EXPL: 0

CVE-2009-3049

https://notcve.org/view.php?id=CVE-2009-3049

Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode. Opera anterior v10.00 no muestra apropiadamente todos los caracteres en el nombre de dominio (IDN) en la barra de direcciones, lo que permite a atacantes remotos falsificar las URLs y derivar en ataques phishing, relacionado con Unicode y Punycode. • http://www.opera.com/docs/changelogs/freebsd/1000 http://www.opera.com/docs/changelogs/linux/1000 http://www.opera.com/docs/changelogs/mac/1000 http://www.opera.com/docs/changelogs/solaris/1000 http://www.opera.com/docs/changelogs/windows/1000 http://www.opera.com/support/kb/view/932 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6235 •

CVSS: 4.3EPSS: 0%CPEs: 123EXPL: 0

CVE-2009-3048

https://notcve.org/view.php?id=CVE-2009-3048

Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." Opera anterior a la v10.00 sobre Linux, SOlaris y FreeBSD no implementa adecuadamente la funcionalidad "INPUT TYPE=file", lo que permite a atacantes remotos engañar al usuario para que suba un archivo a través de vectores que involucran un "archivo para descargar" (dropped file). • http://www.opera.com/docs/changelogs/freebsd/1000 http://www.opera.com/docs/changelogs/linux/1000 http://www.opera.com/docs/changelogs/solaris/1000 http://www.opera.com/support/kb/view/931 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5679 • CWE-20: Improper Input Validation •