4486 matches found
Information Leakage in Opera
Здравствуйте 3APA3A! Для недавно опубликованной Cross-Site Scripting уязвимости в Opera http://www.milw0rm.com/exploits/6801 я разработал свой эксплоит. Который приводит к утечке пути к профайлу пользователя и соответственно к утечке логина пользователя в ОС. Information Leakage:...
Opera crossite scripting
Crossite scripting with opera:historysearch...
Opera Stored Cross Site Scripting Vulnerability
====================================================== ================= = Opera Stored Cross Site Scripting Vulnerability = = Vendor Website: = http://www.opera.com = = Affected Version: = -- All desktop versions = = Public disclosure on 22nd October 2008 =...
Opera 9.52/9.60 Stored Cross Site Scripting Code Exec PoC
No description provided by source. !-- Just found a way to use Stefano’s opera:config idea to execute code from remote. Instead of changing the HTTP Proxy, an attacker can change the default external mail application to “\evil\malware.exe ”, or to local commands e.g. ftp.exe which can be used to...
DoS vulnerabilities in Mozilla, Internet Explorer, Google Chrome and Opera
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Denial of Service уязвимостях в браузерах Mozilla Firefox, Opera та Google Chrome. Данные уязвимости похожи на DoS в Firefox, Opera и Chrome http://websecurity.com.ua/2456/, которые я опубликовал в проекте День багов в браузерах. Данную атаку я...
CVE-2008-4698
Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds...
CVE-2008-4694
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service application crash or execute arbitrary code via a redirect that specifies a crafted URL...
CVE-2008-4695
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context...
CVE-2008-4725
Cross-site scripting XSS vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database aka md.dat, a different vector than CVE-2008-4696. NOTE: some of these...
CVE-2008-4696
Cross-site scripting XSS vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier aka the "optional fragment", which is not properly escaped before storage in the History Search database aka md.dat...
CVE-2008-4697
The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting XSS attacks...
Cross site scripting
The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting XSS attacks...
CVE-2008-4696
Cross-site scripting XSS vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier aka the "optional fragment", which is not properly escaped before storage in the History Search database aka md.dat...
Code injection
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service application crash or execute arbitrary code via a redirect that specifies a crafted URL...
Design/Logic Flaw
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context...
Design/Logic Flaw
Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds...
CVE-2008-4694
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service application crash or execute arbitrary code via a redirect that specifies a crafted URL...
CVE-2008-4695
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context...
CVE-2008-4698
Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds...
DSquare Exploit Pack: D2SEC_OPERAXSS
Name| d2secoperaxss ---|--- CVE| CVE-2008-4696 Exploit Pack| D2ExploitPack Description| Opera Web Browser History Search Input Validation Vulnerability Notes|...