Page 43 of 270 results (0.007 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. Opera 9.10 no comprueba los URLs embebidos en etiquetas HTML (1) object o (2) iframe contra la lista negra de sitios fraudulentos (phishing), lo cual permite a atacantes remotos evitar la protección contra phishing. • http://securityreason.com/securityalert/2488 http://www.securityfocus.com/archive/1/464041/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33488 •

CVSS: 6.8EPSS: 6%CPEs: 1EXPL: 1

The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. La implementación del protocolo FTP en Opera versión 9.10, aprueba que atacantes remotos permitan a servidores remotos forzar al cliente a conectarse a otros servidores, realizar un análisis de puerto apoderado u obtener información confidencial especificando una dirección de servidor alternativa en una respuesta PASV FTP. • https://www.exploit-db.com/exploits/29769 http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf http://secunia.com/advisories/25027 http://www.novell.com/linux/security/advisories/2007_28_opera.html http://www.securityfocus.com/bid/23089 http://www.securitytracker.com/id?1017802 http://www.vupen.com/english/advisories/2007/1075 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 3

AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. AcroPDF.DLL de Adobe Reader 8.0, cuando se accede desde Mozilla Firefox, Netscape, ó Opera, permite a atacantes remotos provocar una denegación de servicio (agotamiento sin especificar de recursos) mediante una URL .pdf con un identificador de marcador que comienza con search= seguido de muchas secuencias %n, vulnerabilidad distinta a CVE-2006-6027 y CVE-2006-6236. • https://www.exploit-db.com/exploits/3430 http://www.securityfocus.com/bid/22856 http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html https://exchange.xforce.ibmcloud.com/vulnerabilities/32896 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.3EPSS: 1%CPEs: 9EXPL: 0

The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. Los marcos secundarios en Opera 9 antes de la versión 9.20 heredan el conjunto de caracteres por defecto de la ventana principal cuando no se especifica un conjunto de caracteres en un encabezado de tipo de contenido HTTP o etiqueta META, lo que permite a los atacantes remotos conducir ataques de tipo cross-site scripting (XSS), como se demuestra utilizando el conjunto de caracteres UTF-7. • http://osvdb.org/32118 http://secunia.com/advisories/24312 http://secunia.com/advisories/25027 http://www.hardened-php.net/advisory_032007.142.html http://www.novell.com/linux/security/advisories/2007_28_opera.html http://www.opera.com/support/search/view/855 http://www.securityfocus.com/archive/1/461076/100/0/threaded http://www.securityfocus.com/bid/22701 http://www.securitytracker.com/id?1017909 http://www.vupen.com/english/advisories/2007/0745 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 1%CPEs: 2EXPL: 1

Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. Mozilla Firefox 2.0.0.1 permite a atacantes remotos evitar el mecanismo de Protección de Phising añadiendo caracteres concretos al final del nombre de dominio, como se demuestra con los caractere "." y "/", que no se capturan por el filtro de lista negra Lista de Phising. • http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0516.html http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php http://osvdb.org/33705 http://www.securityfocus.com/archive/1/459265/100/0/threaded https://bugzilla.mozilla.org/show_bug.cgi?id=367538 • CWE-20: Improper Input Validation •