Page 48 of 271 results (0.004 seconds)

CVSS: 5.0EPSS: 1%CPEs: 84EXPL: 0

The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames. • http://marc.info/?l=bugtraq&m=112724692219695&w=2 http://secunia.com/advisories/16645 http://secunia.com/secunia_research/2005-42/advisory http://www.opera.com/docs/changelogs/linux/850 http://www.opera.com/docs/changelogs/windows/850 http://www.osvdb.org/19508 http://www.securityfocus.com/advisories/9339 http://www.securityfocus.com/bid/14880 http://www.vupen.com/english/advisories/2005/1789 https://exchange.xforce.ibmcloud.com/vulnerabilities/22335 •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0

A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking". Un error de diseño en Opera 8.01 y anteriores permite a atacantes con la implicación del usuario superponer una ventana nueva maliciosa sobre un cuadro de diálogo de descarga de fichero, y entonces engañar al usuario para que haga doble clic en el botón "Ejecutar", tcc "link hijacking". • http://secunia.com/advisories/15781 http://secunia.com/secunia_research/2005-19/advisory http://securitytracker.com/id?1015353 http://www.opera.com/linux/changelogs/802 http://www.securityfocus.com/bid/15835 http://www.vupen.com/english/advisories/2005/1251 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI. Opera 8.01 permite que atacantes remotos puedan realizar ataques con secuencias de comandos en sitios cruzados incitando al usuario a arrastrar una imagen que es una URI "javascript:". • http://secunia.com/advisories/15756 http://securitytracker.com/id?1014593 http://www.opera.com/linux/changelogs/802 http://www.securityfocus.com/bid/14410 http://www.vupen.com/english/advisories/2005/1251 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code. Opera 8.0.1, cuando está instalado el font Arial Unicode MS, no maneja adecuadamente los caracteres ASCII extendidos en el diálogo de descarga de ficheros, lo que permite que atacantes remotos engañen con las extensiones de ficheros y posiblemente induzcan a los usuarios a ejecutar código arbitrario. • http://secunia.com/advisories/15870 http://securitytracker.com/id?1014592 http://www.opera.com/linux/changelogs/802 http://www.securityfocus.com/bid/14402 http://www.vupen.com/english/advisories/2005/1251 https://exchange.xforce.ibmcloud.com/vulnerabilities/21784 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using random.jpg. Opera 8.01 permite que atacantes remotos causen una denegación de servicio (consumo de CPU) mediante una imagen JPEG amañada. Queda demostrado usando "random.jpg". • http://lcamtuf.coredump.cx/crash http://www.securityfocus.com/archive/1/405298 http://www.securityfocus.com/archive/1/405524/30/0/threaded • CWE-400: Uncontrolled Resource Consumption •