Page 41 of 323 results (0.012 seconds)

CVSS: 9.3EPSS: 47%CPEs: 2EXPL: 2

Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680. Desbordamiento de búfer basado en montículo en Opera v9.62 que permitiría a atacantes remotos ejecutar código a su elección a través de un fichero largo: // URI. • https://www.exploit-db.com/exploits/7135 http://archives.neohapsis.com/archives/bugtraq/2008-11/0110.html http://osvdb.org/49882 http://secunia.com/advisories/32752 http://secunia.com/advisories/34294 http://security.gentoo.org/glsa/glsa-200903-30.xml http://www.opera.com/support/kb/view/922 http://www.securityfocus.com/bid/32323 http://www.vupen.com/english/advisories/2008/3183 https://exchange.xforce.ibmcloud.com/vulnerabilities/46653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 19%CPEs: 73EXPL: 2

The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks. El panel de enlaces en Opera antes de v9.62 procesa el JavaScript dentro del contexto de la "última página" de un marco, lo que permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante ataques de secuencias de comandos en sitios cruzados (XSS) • https://www.exploit-db.com/exploits/32548 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://www.opera.com/support/search/view/907 http://www.securityfocus.com/bid/31991 http://www.securitytracker.com/id?1021127 https://exchange.xforce.ibmcloud.com/vulnerabilities/46220 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 11%CPEs: 73EXPL: 1

Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696. Opera antes de v9.62 permite a atacantes remotos ejecutar comandos de su elección mediante la página de resultados Search History, una vulnerabilidad distinta a CVE-2008-4696. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://www.opera.com/support/search/view/906 http://www.securityfocus.com/bid/31991 http://www.securitytracker.com/id?1021128 https://exchange.xforce.ibmcloud.com/vulnerabilities/46219 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 18%CPEs: 79EXPL: 0

Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context. Opera versiones anteriores a v9.60 permite a atacantes remotos obtener información sensible y tener otros impactos desconocidos prediciendo la ruta de la caché de un applet de Java cacheado y entonces lanzar este applet desde la caché, llevando a cabo la ejecución del applet dentro del contexto de la máquina local. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html http://secunia.com/advisories/32177 http://secunia.com/advisories/32394 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://securitytracker.com/id?1021017 http://www.openwall.com/lists/oss-security/2008/10/21/5 http://www.openwall.com/lists/oss-security/2008/10/22/5 http://www.opera.com/docs/changelogs/freebsd/960 http://www.opera.com/docs/changelogs& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 81%CPEs: 74EXPL: 4

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat). Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Opera.dll de Opera versiones anteriores a v9.61 permite a atacantes remotos inyectar web script o HTML a través de identificadores ancla (también conocido como el "fragmento opcional"), el cual no escapa apropiadamente antes del almacenaje en la base de datos History Search (también conocido como md.dat). Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to modify configuration settings and execute arbitrary commands. Affects Opera versions between 9.50 and 9.61. • https://www.exploit-db.com/exploits/9944 https://www.exploit-db.com/exploits/16304 https://www.exploit-db.com/exploits/6801 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html http://secunia.com/advisories/32299 http://secunia.com/advisories/32394 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://securityreason.com/securityalert/4504 http://www.openwall.com/lists/oss-security/2008/10/21/6 http://www. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •