CVSS: 8.8EPSS: 0%CPEs: 123EXPL: 0CVE-2009-3048
https://notcve.org/view.php?id=CVE-2009-3048
02 Sep 2009 — Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." Opera anterior a la v10.00 sobre Linux, SOlaris y FreeBSD no implementa adecuadamente la funcionalidad "INPUT TYPE=file", lo que permite a atacantes remotos engañar al usuario para que suba un archivo a través de vectores que involucran un "archivo para descargar" (dropped fil... • http://www.opera.com/docs/changelogs/freebsd/1000 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 2CVE-2009-3013
https://notcve.org/view.php?id=CVE-2009-3013
31 Aug 2009 — Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site. Opera v9.52... • http://websecurity.com.ua/3323 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2009-2577
https://notcve.org/view.php?id=CVE-2009-2577
22 Jul 2009 — Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. Opera v9.52 y anteriores permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU, y colgado de aplicación) a través de un argumento de cadena de caracteres Unicode para el método de escritura, siendo un asunto relacionado con CVE-2009-2577. • http://websecurity.com.ua/3338 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2009-2540
https://notcve.org/view.php?id=CVE-2009-2540
20 Jul 2009 — Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Opera, posiblemente v9.64 y anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un valor entero largo en la propiedad length de un objeto Select, está relacionada con CVE-2009-1692. • http://www.exploit-db.com/exploits/9160 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 2CVE-2009-2351
https://notcve.org/view.php?id=CVE-2009-2351
07 Jul 2009 — Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected. El navegador Opera versión 9.52 y versiones anteriores no bloquean javascript: URI en los encabezados de actualización en las res... • http://websecurity.com.ua/3275 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 21EXPL: 1CVE-2009-2059
https://notcve.org/view.php?id=CVE-2009-2059
15 Jun 2009 — Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. Opera, posiblemente anteriores a v9.25, utiliza una cabecera HTTP Host para determinar el contexto de un documento propocionado por una respuesta de CONEXIÓN (1) 4xx o (2) 5xx desde un servidor proxy, lo que... • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 • CWE-287: Improper Authentication •
CVSS: 7.4EPSS: 0%CPEs: 21EXPL: 0CVE-2009-2067
https://notcve.org/view.php?id=CVE-2009-2067
15 Jun 2009 — Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." Opera detecta contenido http en una página https, sólo cuando el marco de alto nivel utiliza https, lo que permite a los atacantes "hombre en el medio" ejecutar... • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 102EXPL: 0CVE-2009-2063
https://notcve.org/view.php?id=CVE-2009-2063
15 Jun 2009 — Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. Opera, posiblemente en versiones anteriores a v9.25, procesa una respuesta 3xx HTTP CONNECT antes de un proceso de handshake SSL exitoso, lo que permitiría a atacantes "man-in-the-middle" ejecutar secuencias de coma... • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 1%CPEs: 115EXPL: 0CVE-2009-0916
https://notcve.org/view.php?id=CVE-2009-0916
16 Mar 2009 — Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue." Vulnerabilidad no especificada en Opera versión anterior a v9.64 tiene un impacto y vectores de ataque desconocidos, relacionados con un "asunto moderadamente severo". • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2009-0915
https://notcve.org/view.php?id=CVE-2009-0915
16 Mar 2009 — Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins. Opera en versiones anteriores a v9.64 permite a atacantes remotos dirigir ataques de ejecución de secuencias de comandos en dominios cruzados mediante vectores no especificados relacionados con sus extensiones. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •