CVE-2003-0593
https://notcve.org/view.php?id=CVE-2003-0593
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Opera permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicación web mediante secuencias de atravesamiento de directorios "%2e%2e" (punto punto codificado) en una URL, lo que hace que Opera envíe la cookie fuera de los subconjuntos de URL especificados, por ejemplo a una aplicación vulnerable que corre en el mismo servidor que la aplicación objetivo. • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2002-2311
https://notcve.org/view.php?id=CVE-2002-2311
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue. • http://online.securityfocus.com/archive/1/283866 http://online.securityfocus.com/archive/1/284068 http://www.iss.net/security_center/static/9653.php http://www.securityfocus.com/bid/5290 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2002-2358 – Opera 6.0.x - FTP View Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2358
Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL. • https://www.exploit-db.com/exploits/21681 http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0061.html http://online.securityfocus.com/archive/1/286151 http://www.iss.net/security_center/static/9757.php http://www.opera.com/windows/changelogs/605/?session=b2a9ea38c710788c23970ba2c9a34d47 http://www.securityfocus.com/bid/5401 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2002-1091
https://notcve.org/view.php?id=CVE-2002-1091
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. • http://bugzilla.mozilla.org/show_bug.cgi?id=157989 http://crash.ihug.co.nz/~Sneuro/zerogif http://marc.info/?l=bugtraq&m=103134051120770&w=2 http://www.iss.net/security_center/static/10058.php http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075 http://www.redhat.com/support/errata/RHSA-2002-192.html http://www.redhat.com/support/errata/RHSA-2003-046.html http://www.securityfocus.com/bid/5665 https://access.redhat.com/security/cve/CVE-2002-1091 h •
CVE-2002-0783 – Opera 5.12/6.0 - Frame Location Same Origin Policy Circumvention
https://notcve.org/view.php?id=CVE-2002-0783
Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL. • https://www.exploit-db.com/exploits/21451 http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html http://www.iss.net/security_center/static/9096.php http://www.securityfocus.com/bid/4745 •