CVE-2004-2491 – Opera Web Browser 7.53 - Location Replace URI Obfuscation
https://notcve.org/view.php?id=CVE-2004-2491
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.
• https://www.exploit-db.com/exploits/24325
• http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.html
• http://secunia.com/advisories/12162
• http://www.opera.com/windows/changelogs/754
• http://www.osvdb.org/8317
• http://www.securityfocus.com/bid/10810
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16816
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2004-1201
https://notcve.org/view.php?id=CVE-2004-1201
Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using JavaScript code that continuously creates nested arrays and then sorts the newly created arrays.
• http://marc.info/?l=full-disclosure&m=110141347502530&w=2
• http://marc.info/?l=full-disclosure&m=110144136213993&w=2
• http://www.securityfocus.com/bid/11762
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18282
• CWE-400: Uncontrolled Resource Consumption
CVE-2004-1615
https://notcve.org/view.php?id=CVE-2004-1615
Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.
• http://lcamtuf.coredump.cx/mangleme/gallery
• http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html
• http://marc.info/?l=bugtraq&m=109811406620511&w=2
• http://www.securityfocus.com/bid/11441
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17806
CVE-2004-0537
https://notcve.org/view.php?id=CVE-2004-0537
Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces.
• http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022263.html
• http://marc.info/?l=bugtraq&m=108627581717738&w=2
• http://osvdb.org/6590
• http://secunia.com/advisories/11762
• http://security.greymagic.com/security/advisories/gm007-op
• http://www.opera.com/linux/changelogs/751/index.dml
• http://www.securityfocus.com/bid/10452
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16307
CVE-2004-0473
https://notcve.org/view.php?id=CVE-2004-0473
Argument injection vulnerability in Opera before 7.50: the browser does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options into the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.
• http://security.gentoo.org/glsa/glsa-200405-19.xml
• http://securitytracker.com/id?1010142
• http://www.idefense.com/application/poi/display?id=104&type=vulnerabilities
• http://www.opera.com/linux/changelogs/750/index.dml
• http://www.securityfocus.com/bid/10341
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16139
• CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')