VYPR

Opera

by Opera

CVEs (289)

  • CVE-2005-4718Dec 31, 2005
    risk 0.04cvss epss 0.10

    Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND…

  • CVE-2004-1491Dec 31, 2004
    risk 0.04cvss epss 0.13

    Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

  • CVE-2004-2491Dec 31, 2004
    risk 0.04cvss epss 0.06

    A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing…

  • CVE-2003-1396Dec 31, 2003
    risk 0.04cvss epss 0.09

    Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.

  • CVE-2003-1387Dec 31, 2003
    risk 0.04cvss epss 0.15

    Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.

  • CVE-2003-0870Nov 17, 2003
    risk 0.04cvss epss 0.15

    Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name.

  • CVE-2001-1491Dec 31, 2001
    risk 0.04cvss epss 0.07

    Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.

  • CVE-2010-5227Sep 7, 2012
    risk 0.03cvss epss 0.01

    Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of…

  • CVE-2011-4684Dec 7, 2011
    risk 0.03cvss epss 0.06

    Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."

  • CVE-2011-2641Jul 1, 2011
    risk 0.03cvss epss 0.05

    Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.

  • CVE-2008-4795Oct 30, 2008
    risk 0.03cvss epss 0.04

    The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.

  • CVE-2008-4725Oct 23, 2008
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than…

  • CVE-2007-1563Mar 21, 2007
    risk 0.03cvss epss 0.05

    The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

  • CVE-2003-1397Dec 31, 2003
    risk 0.03cvss epss 0.06

    The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.

  • CVE-2002-2358Dec 31, 2002
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.

  • CVE-2002-2312Dec 31, 2002
    risk 0.03cvss epss 0.02

    Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage.

  • CVE-2002-0898Oct 4, 2002
    risk 0.03cvss epss 0.06

    Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.

  • CVE-2002-0783Aug 12, 2002
    risk 0.03cvss epss 0.03

    Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.

  • CVE-2001-0898Nov 15, 2001
    risk 0.03cvss epss 0.03

    Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.

  • CVE-2010-1728May 6, 2010
    risk 0.01cvss epss 0.07

    Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes …

Page 2 of 15