Vulnerabilites related to opera_software - opera_web_browser
cve-2001-1245
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 04:51
Severity ?
EPSS score ?
Summary
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://online.securityfocus.com/archive/1/196980 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3012 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/6838.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010712 Re: Opera Browser Heap Overflow (Session Replay Attack)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/196980"
},
{
"name": "3012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3012"
},
{
"name": "opera-browser-header-bo(6838)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/6838.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-05-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010712 Re: Opera Browser Heap Overflow (Session Replay Attack)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/196980"
},
{
"name": "3012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3012"
},
{
"name": "opera-browser-header-bo(6838)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/6838.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010712 Re: Opera Browser Heap Overflow (Session Replay Attack)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/196980"
},
{
"name": "3012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3012"
},
{
"name": "opera-browser-header-bo(6838)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/6838.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1245",
"datePublished": "2002-05-03T04:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T04:51:08.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0270
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101363764421623&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:28.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101363764421623\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera, when configured with the \"Determine action by MIME type\" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101363764421623\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera, when configured with the \"Determine action by MIME type\" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101363764421623\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0270",
"datePublished": "2002-05-03T04:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T02:42:28.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0898
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=ntbugtraq&m=102256058220402&w=2 | mailing-list, x_refsource_NTBUGTRAQ | |
| http://online.securityfocus.com/archive/1/274202 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/9188.php | vdb-entry, x_refsource_XF | |
| http://www.opera.com/windows/changelog/log603.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/4834 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:49.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020527 Reading ANY local file in Opera (GM#001-OP)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=102256058220402\u0026w=2"
},
{
"name": "20020527 Reading ANY local file in Opera (GM#001-OP)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/274202"
},
{
"name": "opera-browser-file-retrieval(9188)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9188.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/windows/changelog/log603.html"
},
{
"name": "4834",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020527 Reading ANY local file in Opera (GM#001-OP)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=102256058220402\u0026w=2"
},
{
"name": "20020527 Reading ANY local file in Opera (GM#001-OP)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/274202"
},
{
"name": "opera-browser-file-retrieval(9188)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9188.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/windows/changelog/log603.html"
},
{
"name": "4834",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020527 Reading ANY local file in Opera (GM#001-OP)",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=102256058220402\u0026w=2"
},
{
"name": "20020527 Reading ANY local file in Opera (GM#001-OP)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/274202"
},
{
"name": "opera-browser-file-retrieval(9188)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9188.php"
},
{
"name": "http://www.opera.com/windows/changelog/log603.html",
"refsource": "CONFIRM",
"url": "http://www.opera.com/windows/changelog/log603.html"
},
{
"name": "4834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0898",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-16T00:00:00",
"dateUpdated": "2024-08-08T03:03:49.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2332
Vulnerability from cvelistv5
Published
2007-10-26 19:00
Modified
2024-09-16 17:28
Severity ?
EPSS score ?
Summary
Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/10126.php | vdb-entry, x_refsource_XF | |
| http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0167.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5717 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "opera-konqueror-image-dos(10126)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10126.php"
},
{
"name": "20020915 Bug in Opera and Konqueror",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0167.html"
},
{
"name": "5717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-26T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "opera-konqueror-image-dos(10126)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10126.php"
},
{
"name": "20020915 Bug in Opera and Konqueror",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0167.html"
},
{
"name": "5717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "opera-konqueror-image-dos(10126)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10126.php"
},
{
"name": "20020915 Bug in Opera and Konqueror",
"refsource": "BUGTRAQ",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0167.html"
},
{
"name": "5717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2332",
"datePublished": "2007-10-26T19:00:00Z",
"dateReserved": "2007-10-26T00:00:00Z",
"dateUpdated": "2024-09-16T17:28:20.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2358
Vulnerability from cvelistv5
Published
2007-10-29 19:00
Modified
2024-09-16 21:56
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://online.securityfocus.com/archive/1/286151 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5401 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0061.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.opera.com/windows/changelogs/605/?session=b2a9ea38c710788c23970ba2c9a34d47 | x_refsource_MISC | |
| http://www.iss.net/security_center/static/9757.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020806 Opera FTP View Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/286151"
},
{
"name": "5401",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5401"
},
{
"name": "20020806 Opera FTP View Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0061.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.opera.com/windows/changelogs/605/?session=b2a9ea38c710788c23970ba2c9a34d47"
},
{
"name": "multiple-ftp-view-xss(9757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9757.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-29T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020806 Opera FTP View Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/286151"
},
{
"name": "5401",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5401"
},
{
"name": "20020806 Opera FTP View Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0061.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.opera.com/windows/changelogs/605/?session=b2a9ea38c710788c23970ba2c9a34d47"
},
{
"name": "multiple-ftp-view-xss(9757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9757.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020806 Opera FTP View Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/286151"
},
{
"name": "5401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5401"
},
{
"name": "20020806 Opera FTP View Cross-Site Scripting Vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0061.html"
},
{
"name": "http://www.opera.com/windows/changelogs/605/?session=b2a9ea38c710788c23970ba2c9a34d47",
"refsource": "MISC",
"url": "http://www.opera.com/windows/changelogs/605/?session=b2a9ea38c710788c23970ba2c9a34d47"
},
{
"name": "multiple-ftp-view-xss(9757)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9757.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2358",
"datePublished": "2007-10-29T19:00:00Z",
"dateReserved": "2007-10-29T00:00:00Z",
"dateUpdated": "2024-09-16T21:56:59.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0783
Vulnerability from cvelistv5
Published
2002-07-26 04:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/9096.php | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/4745 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:49.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "opera-sameoriginpolicy-bypass(9096)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9096.php"
},
{
"name": "20020515 Opera javascript protocoll vulnerability [Sandblad advisory #6]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html"
},
{
"name": "4745",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-07-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "opera-sameoriginpolicy-bypass(9096)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9096.php"
},
{
"name": "20020515 Opera javascript protocoll vulnerability [Sandblad advisory #6]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html"
},
{
"name": "4745",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "opera-sameoriginpolicy-bypass(9096)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9096.php"
},
{
"name": "20020515 Opera javascript protocoll vulnerability [Sandblad advisory #6]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html"
},
{
"name": "4745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0783",
"datePublished": "2002-07-26T04:00:00",
"dateReserved": "2002-07-25T00:00:00",
"dateUpdated": "2024-08-08T03:03:49.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2311
Vulnerability from cvelistv5
Published
2007-10-26 19:00
Modified
2024-09-16 20:02
Severity ?
EPSS score ?
Summary
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://online.securityfocus.com/archive/1/283866 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/9653.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5290 | vdb-entry, x_refsource_BID | |
| http://online.securityfocus.com/archive/1/284068 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020723 Pressing CTRL in IE is dangerous - Sandblad advisory #8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/283866"
},
{
"name": "ie-ctrl-file-upload(9653)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9653.php"
},
{
"name": "5290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5290"
},
{
"name": "20020724 RE: Pressing CTRL in IE is dangerous - Sandblad advisory #8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/284068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-26T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020723 Pressing CTRL in IE is dangerous - Sandblad advisory #8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/283866"
},
{
"name": "ie-ctrl-file-upload(9653)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9653.php"
},
{
"name": "5290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5290"
},
{
"name": "20020724 RE: Pressing CTRL in IE is dangerous - Sandblad advisory #8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/284068"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020723 Pressing CTRL in IE is dangerous - Sandblad advisory #8",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/283866"
},
{
"name": "ie-ctrl-file-upload(9653)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9653.php"
},
{
"name": "5290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5290"
},
{
"name": "20020724 RE: Pressing CTRL in IE is dangerous - Sandblad advisory #8",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/284068"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2311",
"datePublished": "2007-10-26T19:00:00Z",
"dateReserved": "2007-10-26T00:00:00Z",
"dateUpdated": "2024-09-16T20:02:17.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1491
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7709 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/245152 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3684 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "win-browser-image-dos(7709)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709"
},
{
"name": "20011211 Browsers fails on big image count",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/245152"
},
{
"name": "3684",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "win-browser-image-dos(7709)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709"
},
{
"name": "20011211 Browsers fails on big image count",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/245152"
},
{
"name": "3684",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "win-browser-image-dos(7709)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709"
},
{
"name": "20011211 Browsers fails on big image count",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/245152"
},
{
"name": "3684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1491",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-1283
Vulnerability from cvelistv5
Published
2001-09-12 04:00
Modified
2024-08-01 17:11
Severity ?
EPSS score ?
Summary
Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/10320 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/1541 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:01.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19980814 URL exploit to crash Opera Browser",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/10320"
},
{
"name": "opera-slash-crash(1541)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1541"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1998-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19980814 URL exploit to crash Opera Browser",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/10320"
},
{
"name": "opera-slash-crash(1541)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1541"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19980814 URL exploit to crash Opera Browser",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/10320"
},
{
"name": "opera-slash-crash(1541)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1541"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1283",
"datePublished": "2001-09-12T04:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:11:01.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0243
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101309907709138&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:28.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020207 Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101309907709138\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020207 Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101309907709138\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020207 Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101309907709138\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0243",
"datePublished": "2002-05-03T04:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T02:42:28.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0898
Vulnerability from cvelistv5
Published
2002-02-02 05:00
Modified
2024-08-08 04:37
Severity ?
EPSS score ?
Summary
Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/3553 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/7567.php | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=100588139312696&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=bugtraq&m=100586079932284&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:06.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3553"
},
{
"name": "opera-java-cross-site(7567)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7567.php"
},
{
"name": "20011116 Re: Several javascript vulnerabilities in Opera",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100588139312696\u0026w=2"
},
{
"name": "20011115 Several javascript vulnerabilities in Opera",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100586079932284\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3553"
},
{
"name": "opera-java-cross-site(7567)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7567.php"
},
{
"name": "20011116 Re: Several javascript vulnerabilities in Opera",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100588139312696\u0026w=2"
},
{
"name": "20011115 Several javascript vulnerabilities in Opera",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100586079932284\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3553"
},
{
"name": "opera-java-cross-site(7567)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7567.php"
},
{
"name": "20011116 Re: Several javascript vulnerabilities in Opera",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100588139312696\u0026w=2"
},
{
"name": "20011115 Several javascript vulnerabilities in Opera",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100586079932284\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0898",
"datePublished": "2002-02-02T05:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:06.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0233
Vulnerability from cvelistv5
Published
2005-02-07 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shmoo.com/idn"
},
{
"name": "SUSE-SA:2005:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"name": "oval:org.mitre.oval:def:11229",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
},
{
"name": "oval:org.mitre.oval:def:100029",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"name": "RHSA-2005:176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name": "RHSA-2005:384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name": "GLSA-200503-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name": "GLSA-200503-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"name": "12461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shmoo.com/idn"
},
{
"name": "SUSE-SA:2005:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"name": "oval:org.mitre.oval:def:11229",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
},
{
"name": "oval:org.mitre.oval:def:100029",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"name": "RHSA-2005:176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name": "RHSA-2005:384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name": "GLSA-200503-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name": "GLSA-200503-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"name": "12461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0233",
"datePublished": "2005-02-07T05:00:00",
"dateReserved": "2005-02-07T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1091
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2003-046.html | vendor-advisory, x_refsource_REDHAT | |
| http://bugzilla.mozilla.org/show_bug.cgi?id=157989 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/5665 | vdb-entry, x_refsource_BID | |
| http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075 | vendor-advisory, x_refsource_MANDRAKE | |
| http://crash.ihug.co.nz/~Sneuro/zerogif/ | x_refsource_MISC | |
| http://www.redhat.com/support/errata/RHSA-2002-192.html | vendor-advisory, x_refsource_REDHAT | |
| http://marc.info/?l=bugtraq&m=103134051120770&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/10058.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989"
},
{
"name": "5665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5665"
},
{
"name": "MDKSA-2002:075",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://crash.ihug.co.nz/~Sneuro/zerogif/"
},
{
"name": "RHSA-2002:192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
},
{
"name": "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2"
},
{
"name": "netscape-zero-gif-bo(10058)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10058.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989"
},
{
"name": "5665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5665"
},
{
"name": "MDKSA-2002:075",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://crash.ihug.co.nz/~Sneuro/zerogif/"
},
{
"name": "RHSA-2002:192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
},
{
"name": "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2"
},
{
"name": "netscape-zero-gif-bo(10058)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10058.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:046",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989",
"refsource": "CONFIRM",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989"
},
{
"name": "5665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5665"
},
{
"name": "MDKSA-2002:075",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075"
},
{
"name": "http://crash.ihug.co.nz/~Sneuro/zerogif/",
"refsource": "MISC",
"url": "http://crash.ihug.co.nz/~Sneuro/zerogif/"
},
{
"name": "RHSA-2002:192",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
},
{
"name": "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2"
},
{
"name": "netscape-zero-gif-bo(10058)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10058.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1091",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | mozilla | 0.9.5 | |
| mozilla | mozilla | 0.9.6 | |
| mozilla | mozilla | 0.9.7 | |
| mozilla | mozilla | 0.9.8 | |
| mozilla | mozilla | 0.9.9 | |
| mozilla | mozilla | 1.0 | |
| netscape | navigator | 6.2 | |
| netscape | navigator | 6.2.1 | |
| netscape | navigator | 6.2.2 | |
| netscape | navigator | 6.2.3 | |
| opera_software | opera_web_browser | 5.12 | |
| opera_software | opera_web_browser | 6.0 | |
| opera_software | opera_web_browser | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3B40771F-30CB-45D0-9EDE-1F13852085B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "47315EC4-1EED-4070-A087-8E37C8FE6703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D7FA24-4B6F-4D67-95BE-46819033CA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9B316E0-4A05-411A-8279-404C82288BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B91D7920-86E6-4842-897A-553F018AD493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36889B90-FD18-4A5A-A732-788240E10FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F49659B4-2878-4D31-BCB8-11CA38D6FA8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0615E0B9-EFCF-4CDD-81E3-0E351DEB2C2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964BC1D9-10D2-4064-A0AD-5DD6E6A568E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width."
}
],
"id": "CVE-2002-1091",
"lastModified": "2024-11-20T23:40:34.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989"
},
{
"source": "cve@mitre.org",
"url": "http://crash.ihug.co.nz/~Sneuro/zerogif/"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10058.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://crash.ihug.co.nz/~Sneuro/zerogif/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10058.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5665"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-11-15 05:00
Modified
2024-11-20 23:36
Severity ?
Summary
Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opera_software | opera_web_browser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75EAF4E3-96C8-4B42-A624-009C180E5BC0",
"versionEndIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache."
}
],
"id": "CVE-2001-0898",
"lastModified": "2024-11-20T23:36:23.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-11-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=100586079932284\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=100588139312696\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/7567.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=100586079932284\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=100588139312696\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/7567.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3553"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opera_software | opera_web_browser | 5.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:5.1.1:*:win32:*:*:*:*:*",
"matchCriteriaId": "9B7E4550-5179-4C4C-B028-F850690930A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images."
}
],
"id": "CVE-2001-1491",
"lastModified": "2024-11-20T23:37:48.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/245152"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/3684"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/245152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/3684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.iss.net/security_center/static/9096.php | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/4745 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9096.php | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4745 | Exploit, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opera_software | opera_web_browser | 5.12 | |
| opera_software | opera_web_browser | 5.12 | |
| opera_software | opera_web_browser | 6.0 | |
| opera_software | opera_web_browser | 6.0 | |
| opera_software | opera_web_browser | 6.0.1 | |
| opera_software | opera_web_browser | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F49659B4-2878-4D31-BCB8-11CA38D6FA8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:5.12:*:win32:*:*:*:*:*",
"matchCriteriaId": "FAA9EEAD-FABF-4C4A-A38E-E3A93D7E5325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0615E0B9-EFCF-4CDD-81E3-0E351DEB2C2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:win32:*:*:*:*:*",
"matchCriteriaId": "041E7A50-D2D9-4469-88EA-D8D7CE5EC9C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964BC1D9-10D2-4064-A0AD-5DD6E6A568E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*",
"matchCriteriaId": "25F0B4BE-F2B7-4774-8AAC-75239180D99B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL."
}
],
"id": "CVE-2002-0783",
"lastModified": "2024-11-20T23:39:51.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-08-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9096.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9096.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4745"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-08 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | camino | 0.8.5 | |
| mozilla | firefox | 1.0 | |
| mozilla | mozilla | * | |
| omnigroup | omniweb | 5 | |
| opera | opera_browser | * | |
| opera_software | opera_web_browser | 7.54 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:camino:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D044E602-45A5-4B14-8B16-B0978D985027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F232DA-F897-4429-922E-F5CFF865A8AA",
"versionEndExcluding": "1.7.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD3E937-C813-4564-9E3C-D009D39E8A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE75E76-E20D-47A4-9603-0AF46F733AEF",
"versionEndIncluding": "7.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "142EB1E3-2918-4792-83D7-9D7B6A3BD26B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
],
"id": "CVE-2005-0233",
"lastModified": "2024-11-20T23:54:41.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-08T05:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"source": "secalert@redhat.com",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"source": "secalert@redhat.com",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-05-29 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opera_software | opera_web_browser | 9.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3957F6A1-C62D-4571-9F81-9D17B5D98023",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Opera, when configured with the \"Determine action by MIME type\" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks."
}
],
"id": "CVE-2002-0270",
"lastModified": "2024-11-20T23:38:41.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2002-05-29T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101363764421623\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101363764421623\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-07-09 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opera_software | opera_web_browser | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:5.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "F255D9FB-2C92-4B36-A19C-04A1C684991C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name."
}
],
"id": "CVE-2001-1245",
"lastModified": "2024-11-20T23:37:14.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-07-09T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/196980"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/6838.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/196980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/6838.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3012"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1998-08-14 04:00
Modified
2024-11-20 23:30
Severity ?
Summary
Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opera_software | opera_web_browser | 3.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11CCD2F1-114C-430E-9D03-55F13017ED38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag."
}
],
"id": "CVE-1999-1283",
"lastModified": "2024-11-20T23:30:44.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1998-08-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/10320"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/10320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1541"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-05-29 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opera_software | opera_web_browser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75EAF4E3-96C8-4B42-A624-009C180E5BC0",
"versionEndIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en Internet Opera 6 y anteriores permite que atacante remotos ejecuten c\u00f3digo arbitrario por medio de un formulario HTML extendido, cuya salida del servidor remoto no se ha aclarado adecuadamente."
}
],
"id": "CVE-2002-0243",
"lastModified": "2024-11-20T23:38:38.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-05-29T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101309907709138\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101309907709138\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | internet_explorer | 5.0 | |
| microsoft | internet_explorer | 5.0.1 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 5.5 | |
| microsoft | internet_explorer | 6.0 | |
| opera_software | opera_web_browser | 6.0.1 | |
| opera_software | opera_web_browser | 6.0.1 | |
| opera_software | opera_web_browser | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964BC1D9-10D2-4064-A0AD-5DD6E6A568E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "4DC0446A-9801-4AD9-ADE0-983E845E3A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*",
"matchCriteriaId": "25F0B4BE-F2B7-4774-8AAC-75239180D99B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue."
}
],
"id": "CVE-2002-2311",
"lastModified": "2024-11-20T23:43:22.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/283866"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/284068"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9653.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/5290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/283866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/284068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9653.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/5290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opera_software | opera_web_browser | 6.0.1 | |
| opera_software | opera_web_browser | 6.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*",
"matchCriteriaId": "25F0B4BE-F2B7-4774-8AAC-75239180D99B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:win32:*:*:*:*:*",
"matchCriteriaId": "4B24013D-1E3D-4880-A9D6-C3F1ABED4FF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline."
},
{
"lang": "es",
"value": "Opera 6.0.1 y 6.0.2 permite a un sitio web remoto cargar ficheros arbitrarios del sistema cliente, sin preguntar al cliente, mediante una etiqueta \u003cinput type=file\u003e que contiene un car\u00e1cter de nueva l\u00ednea."
}
],
"id": "CVE-2002-0898",
"lastModified": "2024-11-20T23:40:08.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=ntbugtraq\u0026m=102256058220402\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/274202"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9188.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.opera.com/windows/changelog/log603.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=ntbugtraq\u0026m=102256058220402\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/274202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9188.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.opera.com/windows/changelog/log603.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4834"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opera_software | opera_web_browser | 6.0 | |
| opera_software | opera_web_browser | 6.0 | |
| opera_software | opera_web_browser | 6.0.1 | |
| opera_software | opera_web_browser | 6.0.1 | |
| opera_software | opera_web_browser | 6.0.1 | |
| opera_software | opera_web_browser | 6.0.2 | |
| opera_software | opera_web_browser | 6.0.3 | |
| opera_software | opera_web_browser | 6.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0615E0B9-EFCF-4CDD-81E3-0E351DEB2C2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:win32:*:*:*:*:*",
"matchCriteriaId": "041E7A50-D2D9-4469-88EA-D8D7CE5EC9C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964BC1D9-10D2-4064-A0AD-5DD6E6A568E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "4DC0446A-9801-4AD9-ADE0-983E845E3A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*",
"matchCriteriaId": "25F0B4BE-F2B7-4774-8AAC-75239180D99B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:win32:*:*:*:*:*",
"matchCriteriaId": "4B24013D-1E3D-4880-A9D6-C3F1ABED4FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:win32:*:*:*:*:*",
"matchCriteriaId": "D9688B54-7A0D-4F8E-B2D8-D032A281C97A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.4:*:win32:*:*:*:*:*",
"matchCriteriaId": "E32ECDB1-CD5E-4B2C-B064-F1A80C1995AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL."
}
],
"id": "CVE-2002-2358",
"lastModified": "2024-11-20T23:43:29.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0061.html"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/286151"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9757.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.opera.com/windows/changelogs/605/?session=b2a9ea38c710788c23970ba2c9a34d47"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/5401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/286151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9757.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.opera.com/windows/changelogs/605/?session=b2a9ea38c710788c23970ba2c9a34d47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/5401"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opera_software | opera_web_browser | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "4DC0446A-9801-4AD9-ADE0-983E845E3A34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes."
}
],
"id": "CVE-2002-2332",
"lastModified": "2024-11-20T23:43:25.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0167.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10126.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10126.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5717"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}