Page 48 of 255 results (0.003 seconds)

CVSS: 5.0EPSS: 4%CPEs: 35EXPL: 1

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. • https://www.exploit-db.com/exploits/24828 http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.html http://secunia.com/advisories/13447 http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml http://www.opera.com/linux/changelogs/754u2 http://www.securityfocus.com/bid/11901 http://www.zone-h.org/advisories/read/id=6503 https://exchange.xforce.ibmcloud.com/vulnerabilities/18457 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

The Javascript engine in Opera 7.23 allows remote attackers to cause a denial of service (crash) by creating a new Array object with a large size value, then writing into that array. • http://marc.info/?l=bugtraq&m=107936810909082&w=2 http://www.securityfocus.com/bid/9869 https://exchange.xforce.ibmcloud.com/vulnerabilities/15413 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute. • http://secunia.com/advisories/11532 http://secunia.com/secunia_research/2004-2/advisory http://www.osvdb.org/6108 http://www.securityfocus.com/bid/10337 https://exchange.xforce.ibmcloud.com/vulnerabilities/16131 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0

Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers. • http://secunia.com/advisories/12981 http://secunia.com/secunia_research/2004-19/advisory http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml http://www.opera.com/linux/changelogs/754u1 http://www.securityfocus.com/bid/11883 https://exchange.xforce.ibmcloud.com/vulnerabilities/18423 •

CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 4

A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks. • https://www.exploit-db.com/exploits/24325 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.html http://secunia.com/advisories/12162 http://www.opera.com/windows/changelogs/754 http://www.osvdb.org/8317 http://www.securityfocus.com/bid/10810 https://exchange.xforce.ibmcloud.com/vulnerabilities/16816 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •