CVSS: 5.0EPSS: 4%CPEs: 35EXPL: 1CVE-2004-1491 – Opera Web Browser 7.54 - 'KDE KFMCLIENT' Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1491
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. • https://www.exploit-db.com/exploits/24828 http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.html http://secunia.com/advisories/13447 http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml http://www.opera.com/linux/changelogs/754u2 http://www.securityfocus.com/bid/11901 http://www.zone-h.org/advisories/read/id=6503 https://exchange.xforce.ibmcloud.com/vulnerabilities/18457 •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2004-1490
https://notcve.org/view.php?id=CVE-2004-1490
Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers. • http://secunia.com/advisories/12981 http://secunia.com/secunia_research/2004-19/advisory http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml http://www.opera.com/linux/changelogs/754u1 http://www.securityfocus.com/bid/11883 https://exchange.xforce.ibmcloud.com/vulnerabilities/18423 •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 1CVE-2004-1489
https://notcve.org/view.php?id=CVE-2004-1489
Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029044.html http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml http://www.opera.com/linux/changelogs/754u1 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2004-1201
https://notcve.org/view.php?id=CVE-2004-1201
Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. • http://marc.info/?l=full-disclosure&m=110141347502530&w=2 http://marc.info/?l=full-disclosure&m=110144136213993&w=2 http://www.securityfocus.com/bid/11762 https://exchange.xforce.ibmcloud.com/vulnerabilities/18282 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2004-1157
https://notcve.org/view.php?id=CVE-2004-1157
Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://secunia.com/advisories/13253 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •