Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Supported versions that are affected are 5.5 and 5.6. Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). This may allow the malicious page to impersonate another page and trick a user into providing sensitive data. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. OPERA MINI 8.5 HANDLER APK FOR ANDROIDThis vulnerability affects Opera for Android versions below. This could allow users to be socially engineered to run an XSS attack against themselves. URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. Starting with version 53.1 Opera Mini displays long URLs with the top-level domain label aligned to the right of the address field which mitigates the issue. The exact amount depends on the phone screen size but the attacker can craft a number of different domains and target different phones. With the URL being left-aligned, the user will only see the front part (e.g. This allows a malicious attacker to craft a URL with a long domain name, e.g. Opera Mini for Android below 53.1 displays URL left-aligned in the address field. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari. An attacker could then access this information via JavaScript. A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |