Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2005-1669: About Secunia Research | Flexera

Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains.

CVE
#xss#vulnerability#web#apple#microsoft#git#java
CVE-2005-1475: About Secunia Research | Flexera

The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect.

CVE-2004-1157: About Secunia Research | Flexera

Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

CVE-2004-2260: About Secunia Research | Flexera

Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute.

CVE-2004-1490: About Secunia Research | Flexera

Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers.

CVE-2004-0717: About Secunia Research | Flexera

Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

CVE-2004-2083: About Secunia Research | Flexera

Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."

CVE-2002-1716

The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability.

CVE-2000-0115: 'Strange behaviour IIS and RegExp'

IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.

CVE-1999-0444: 'ARP problem in Windows9X/NT' - MARC

Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.