Page 47 of 244 results (0.021 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://secunia.com/advisories/13253 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 1

Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme. • http://lcamtuf.coredump.cx/mangleme/gallery http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html http://marc.info/?l=bugtraq&m=109811406620511&w=2 http://www.securityfocus.com/bid/11441 https://exchange.xforce.ibmcloud.com/vulnerabilities/17806 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." • http://securityfocus.com/archive/1/375407 http://securitytracker.com/id?1011329 http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/17417 • CWE-669: Incorrect Resource Transfer Between Spheres •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Opera 7.51 para Windows y 7.50 para Linux no previene apropiadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantación de sitios web y otros ataques. También conocida como vulnerabilidad de inyección en marcos. • http://secunia.com/advisories/11978 http://secunia.com/multiple_browsers_frame_injection_vulnerability_test https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces. Opera 7.50 y anteriores permite a sitios web remotos suministrar un "Icono de acceso directo" (favicon) que es más ancho de lo esperado, lo que podría permitir a los sitios web suplantar un dominio de confianza y facilitar ataques de phising usando un icono ancho y espacios extra. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022263.html http://marc.info/?l=bugtraq&m=108627581717738&w=2 http://osvdb.org/6590 http://secunia.com/advisories/11762 http://security.greymagic.com/security/advisories/gm007-op http://www.opera.com/linux/changelogs/751/index.dml http://www.securityfocus.com/bid/10452 https://exchange.xforce.ibmcloud.com/vulnerabilities/16307 •