Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opera_browser
(Opera)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 282 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2007-03-28 | CVE-2007-1737 | Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. | Opera_browser | N/A | ||
| 2007-03-21 | CVE-2007-1563 | The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | Opera_browser | N/A | ||
| 2007-02-26 | CVE-2007-1115 | The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | Opera_browser | N/A | ||
| 2007-01-09 | CVE-2007-0127 | The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call. | Opera_browser | N/A | ||
| 2007-01-09 | CVE-2007-0126 | Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker. | Opera_browser | N/A | ||
| 2007-02-07 | CVE-2006-6970 | Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. | Opera_browser | N/A | ||
| 2007-01-29 | CVE-2006-6955 | Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | Opera_browser | N/A | ||
| 2006-10-17 | CVE-2006-4819 | Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address). | Opera_browser | N/A | ||
| 2006-04-19 | CVE-2006-1834 | Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings. | Opera_browser | N/A | ||
| 2005-09-21 | CVE-2005-3006 | The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames. | Opera_browser | N/A |