Page 42 of 228 results (0.010 seconds)

CVSS: 5.0EPSS: 1%CPEs: 84EXPL: 0

The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames. • http://marc.info/?l=bugtraq&m=112724692219695&w=2 http://secunia.com/advisories/16645 http://secunia.com/secunia_research/2005-42/advisory http://www.opera.com/docs/changelogs/linux/850 http://www.opera.com/docs/changelogs/windows/850 http://www.osvdb.org/19508 http://www.securityfocus.com/advisories/9339 http://www.securityfocus.com/bid/14880 http://www.vupen.com/english/advisories/2005/1789 https://exchange.xforce.ibmcloud.com/vulnerabilities/22335 •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0

A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking". Un error de diseño en Opera 8.01 y anteriores permite a atacantes con la implicación del usuario superponer una ventana nueva maliciosa sobre un cuadro de diálogo de descarga de fichero, y entonces engañar al usuario para que haga doble clic en el botón "Ejecutar", tcc "link hijacking". • http://secunia.com/advisories/15781 http://secunia.com/secunia_research/2005-19/advisory http://securitytracker.com/id?1015353 http://www.opera.com/linux/changelogs/802 http://www.securityfocus.com/bid/15835 http://www.vupen.com/english/advisories/2005/1251 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. • http://secunia.com/advisories/15008 http://secunia.com/secunia_research/2005-4/advisory http://www.securityfocus.com/bid/13970 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. • http://secunia.com/advisories/15411 http://secunia.com/secunia_research/2005-5/advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory. • http://bugs.gentoo.org/show_bug.cgi?id=81747 http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml • CWE-427: Uncontrolled Search Path Element •