Page 36 of 188 results (0.008 seconds)

CVSS: 6.8EPSS: 1%CPEs: 103EXPL: 0

Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. Opera antes de 9.26 permite a atacantes remotos asistidos por el usuario leer archivos de su elección engañando al usuario para que escriba los caracteres de nombre de archivo objetivo en un fichero de entrada. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html http://secunia.com/advisories/29029 http://secunia.com/advisories/29152 http://secunia.com/advisories/29178 http://security.gentoo.org/glsa/glsa-200803-09.xml http://www.opera.com/docs/changelogs/linux/926 http://www.opera.com/support/search/view/877 http://www.securityfocus.com/bid/27901 http://www.vupen.com/english/advisories/2008/0622 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 1%CPEs: 102EXPL: 0

Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. Opera anterior a 9.25 permite a atacantes remotos llevar a cabo ataques de secuecias de comandos de dominios cruzados a través de vectores desconocidos relacionado con extensiones. • http://bugs.gentoo.org/show_bug.cgi?id=202770 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://secunia.com/advisories/28169 http://secunia.com/advisories/28290 http://secunia.com/advisories/28314 http://security.gentoo.org/glsa/glsa-200712-22.xml http://www.opera.com/docs/changelogs/linux/925 http://www.opera.com/docs/changelogs/windows/925 http://www.securityfocus.com/bid/26937 http://www.securitytracker.com/id?1019131 http://www.vup • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 1%CPEs: 102EXPL: 0

The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. El texto enriquecido en la funcionalidad de edición de Opera anterior a 9.25 permite a atacantes remotos llevar a cabo ataques de secuencias de comandos de dominios cruzados utilizando el modo diseño (designMode) para modificar contenidos de páginas en otros dominios. • http://bugs.gentoo.org/show_bug.cgi?id=202770 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://secunia.com/advisories/28169 http://secunia.com/advisories/28290 http://secunia.com/advisories/28314 http://security.gentoo.org/glsa/glsa-200712-22.xml http://www.opera.com/docs/changelogs/linux/925 http://www.opera.com/docs/changelogs/windows/925 http://www.opera.com/support/search/view/875 http://www.securityfocus.com/bid/26937 http:/&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 77EXPL: 0

Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. Opera versiones anteriores a 9.25, permite a los atacantes remotos obtener contenido de memoria potencialmente confidencial por medio de un archivo de mapa de bits diseñado (BMP), como es demostrado usando un elemento CANVAS y JavaScript en un documento HTML para copiar estos contenidos desde versión 9.50 beta, un problema relacionado con CVE-2008-0420. • http://bugs.gentoo.org/show_bug.cgi?id=202770 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://osvdb.org/42691 http://secunia.com/advisories/28169 http://secunia.com/advisories/28290 http://secunia.com/advisories/28314 http://security.gentoo.org/glsa/glsa-200712-22.xml http://securitytracker.com/id?1019435 http://www.opera.com/docs/changelogs/linux/925 http://www.opera.com/docs/changelogs/windows/925 http://www.opera.com/support/sear • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 11%CPEs: 102EXPL: 0

Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. Vulnerabilidad no especificada en Opera anterior a 9.25 permite a atacantes remotos ejecutar código de su elección a través de certificados TLS manipulados. • http://bugs.gentoo.org/show_bug.cgi?id=202770 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://secunia.com/advisories/28169 http://secunia.com/advisories/28290 http://secunia.com/advisories/28314 http://security.gentoo.org/glsa/glsa-200712-22.xml http://www.opera.com/docs/changelogs/linux/925 http://www.opera.com/docs/changelogs/windows/925 http://www.securityfocus.com/bid/26937 http://www.securitytracker.com/id?1019131 http://www.vup • CWE-310: Cryptographic Issues •