4486 matches found
CVE-2007-1115
CVE-2007-1115 affects Opera 9 before 9.20. The vulnerability arises when a page with no explicit charset in Content-Type or META tag causes child frames to inherit the parent’s default charset, enabling cross-site scripting (XSS). Demonstrations used UTF-7 to show exploitation. Some related advis...
Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple Browsers Cross Domain Charset Inheritance Vulnerability Release Date: 2007/02/23 Last Modified: 2007/02/23 Author: Stefan Esser [email protected] Application:...
SUSE-SA:2006:061: opera
The remote host is missing the patch for the advisory SUSE-SA:2006:061 opera. The web browser Opera has been updated to fix 2 security problems. CVE-2006-4339: Opera was affected by the RSA signature checking problem found in openssl, since it is statically linked against openssl. CVE-2006-4819: ...
SUSE-SA:2007:009: opera
The remote host is missing the patch for the advisory SUSE-SA:2007:009 opera. This update brings the Opera Web browser to version 9.10, including fixes for the following 2 security problems: - CVE-2007-0126: Opera processes a JPEG DHT marker incorrectly, which can potentially lead to remote code...
SUSE-SA:2006:038: opera
The remote host is missing the patch for the advisory SUSE-SA:2006:038 opera. The web browser Opera has been upgraded to version 9.0 to add lots of new features, and to fix the following security problem: - CVE-2006-3198: An integer overflow vulnerability exists in the Opera Web Browser due to th...
Data URLs with executables and misleading download dialog – Opera Security Advisories
Data URLs with executables and misleading download dialog – Opera Security Advisories OPCOM Team | February 9, 2007 Severity: Moderate Summary A data URL (RFC 2397) containing an executable file may cause Opera to mislead the user. Opera’s download dialog will in some cases say “Open with NOTEPAD.EXE...
Opera not vulnerable to JPEG processing vulnerability in Microsoft’s GDI+ library – Opera Security Advisories
Opera not vulnerable to JPEG processing vulnerability in Microsoft’s GDI+ library – Opera Security Advisories OPCOM Team | February 9, 2007 Opera is not vulnerable to the JPEG processing vulnerability in Microsoft’s GDI+ library. Details: Microsoft Security Bulletin MS04-028 Buffer Overrun in JPE...
Vulnerability in Opera's use of kfmclient
The kfmclient is a part of the KDE desktop environment. It inspects the file given to it to determine its MIME type, and performs the action assigned to that MIME type in KDE's configuration. If the file type is an executable, kfmclient may execute it. Opera will not save downloaded files with the...
Data URLs with executables and misleading download dialog
The data URL scheme allows authors to embed binary files, instead of using links to external files. Data URLs containing file types that Opera can display are rendered inline; other file types will be handled by Opera's download dialog. A bug in Opera's file download handling causes the download dialo...
Vulnerability in Opera’s use of kfmclient – Opera Security Advisories
Vulnerability in Opera’s use of kfmclient – Opera Security Advisories OPCOM Team | February 9, 2007 Severity: Moderate Since version 7.50, Opera for Linux has offered the user a new way to open files which Opera cannot open itself: “Open with kfmclient”. This feature can be exploited to run malicio...
CVE-2006-6970
Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter...
CVE-2006-6970
CVE-2006-6970 : Opera 9.10 Final can bypass Fraud Protection by appending certain characters (e.g., "." or "/") to the end of a domain, which escapes the blacklist filter. The NVD notes a remote-network vulnerability with low exploit complexity and partial confidentiality impact (no integrity or ...
Firefox 2.0.0.1 and Opera 9.10 Anty Fraud/Phishing Protection bypass.
Firefox 2.0.0.1 and Opera 9.10 Anty Fraud/Phishing Protection bypass. + Subject: Firefox 2.0.0.1 Phishing Protection bypass Opera 9.10 Fraud Protection bypass + Version: Firefox 2.0.0.1 Linux | Windows Opera 9.10 Final Linux build 521 | Windows build 8679 + Discovered by: Kanedaaa:...
Firefox / Opera phishing protection bypass
It's possible to bypass phishing protection by adding "." character to hostname or additional "/" after hostname...
CVE-2006-6955
Opera allows remote attackers to cause a denial of service application crash via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723...
CVE-2006-6955
Opera before 10.53 on Windows and Mac OS X is vulnerable to DoS (application crash) through a page containing a large number of nested tags, due to improper handling of asynchronous document modifications. This vulnerability is related to CVE-2006-2723. The available connected sources indicate t...
GLSA-200701-08 : Opera: Two remote code execution vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200701-08 Opera: Two remote code execution vulnerabilities Christoph Deal discovered that JPEG files with a specially crafted DHT marker can be exploited to cause a heap overflow. Furthermore, an anonymous person discovered that...
phpmyadmin-xss.txt
Security without illusions | www.virtuax.be ...