- EPSS 2.73%
- Veröffentlicht 16.09.2004 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:33
Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cros...
- EPSS 2.26%
- Veröffentlicht 06.08.2004 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:05:50
Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces.
CVE-2004-0717
- EPSS 2.19%
- Veröffentlicht 27.07.2004 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:13
Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability...
CVE-2004-0473
- EPSS 2.45%
- Veröffentlicht 07.07.2004 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:05:42
Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) t...
CVE-2003-0593
- EPSS 2.95%
- Veröffentlicht 15.04.2004 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:02:29
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a...
CVE-2004-2083
- EPSS 2.56%
- Veröffentlicht 11.02.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:08:57
Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."
CVE-2003-1387
- EPSS 14.67%
- Veröffentlicht 31.12.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:04
Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.
CVE-2003-1388
- EPSS 3.06%
- Veröffentlicht 31.12.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:04
Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.
CVE-2003-1396
- EPSS 9.09%
- Veröffentlicht 31.12.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:05
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.
CVE-2003-1397
- EPSS 6.12%
- Veröffentlicht 31.12.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:05
The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.