Page 35 of 325 results (0.014 seconds)

CVSS: 9.3EPSS: 3%CPEs: 2EXPL: 0

Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. Opera v10.01 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un nombre de dominio manipulado. • http://secunia.com/advisories/37182 http://www.opera.com/docs/changelogs/mac/1001 http://www.opera.com/docs/changelogs/unix/1001 http://www.opera.com/docs/changelogs/windows/1001 http://www.opera.com/support/kb/view/938 http://www.osvdb.org/59357 http://www.securityfocus.com/bid/36850 http://www.vupen.com/english/advisories/2009/3073 https://exchange.xforce.ibmcloud.com/vulnerabilities/54020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval% • CWE-787: Out-of-bounds Write •

CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0

Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. Opera en versiones anteriores a v10.01 corriendo sobre Windows no previene el uso de fuentes web en el renderizado de la interfaz de usuario, lo que permite a atacantes remotos falsificar el campo "dirección" a través de una pagina web manipulada. • http://secunia.com/advisories/37182 http://www.opera.com/docs/changelogs/windows/1001 http://www.opera.com/support/kb/view/940 http://www.osvdb.org/59359 http://www.securityfocus.com/bid/36850 http://www.vupen.com/english/advisories/2009/3073 https://exchange.xforce.ibmcloud.com/vulnerabilities/54022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6384 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Opera 9 y 10 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a través de feeds (1) RSS o (2) Atom, relacionado con el renderizado de contenido del tipo application/rss+xml como "contenido de secuencias de comandos". NOTA: El fabricante considera esto como una "característica de diseño" y no una vulnerabilidad. • http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more http://www.securityfocus.com/archive/1/506517/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 105EXPL: 1

Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." El navegador Opera anterior a la versión 10.01 no restringe de manera apropiada el HTML en un (1) RSS o (2) Atom feed, que permite a los atacantes remotos realizar ataques de tipo Cross-Site Scripting (XSS), y realizar ataques de tipo cross-zone scripting, que involucran la página Feed Subscription, para leer feeds o crear subscripciones feed, por medio de un feed creado, relacionado con la representación del tipo de contenido application/rss+xml como "scripted content." • http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html http://secunia.com/advisories/37182 http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads http://www.opera.com/docs/changelogs/mac/1001 http://www.opera.com/docs/changelogs/unix/1001 http://www.opera.com/docs/changelogs/windows/1001 http://www.opera.com/support/kb/view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 86EXPL: 1

Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. Opera v9.52 y anteriores permite a atacantes remotos producir una denegación de servicio (navegador inutilizado), mediante una llamada en bucle a la función window.print, también conocido como "ataque DoS de impresión", posiblemente relacionado con CVE-2009-0821. • https://www.exploit-db.com/exploits/12509 http://websecurity.com.ua/2456 http://www.securityfocus.com/archive/1/506328/100/100/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6350 • CWE-399: Resource Management Errors •