Vulnerabilities > Opera > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-28 | CVE-2007-1737 | Security Bypass vulnerability in Opera Browser 9.10 Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. | 7.5 |
2006-06-23 | CVE-2006-3198 | Integer Overflow or Wraparound vulnerability in Opera Browser Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended. | 7.5 |
2005-11-22 | CVE-2005-3750 | Injection vulnerability in Opera Browser Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera. | 7.5 |
2005-06-16 | CVE-2005-1475 | Open Redirect vulnerability in Opera Browser The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. | 7.5 |
2005-05-02 | CVE-2005-0457 | Uncontrolled Search Path Element vulnerability in Opera Browser Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory. | 7.2 |
2005-04-14 | CVE-2005-1139 | Unspecified vulnerability in Opera Browser 8.0 Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks. | 7.5 |
2005-02-08 | CVE-2005-0233 | The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | 7.5 |
2005-01-10 | CVE-2004-1157 | Injection vulnerability in Opera Browser Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | 7.5 |
2004-07-27 | CVE-2004-0717 | Unspecified vulnerability in Opera Browser 7.50/7.51 Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | 7.5 |
2004-04-15 | CVE-2003-0593 | Path Traversal vulnerability in Opera Browser Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. | 7.5 |