CVSS: 8.8EPSS: 0%CPEs: 123EXPL: 0CVE-2009-3048
https://notcve.org/view.php?id=CVE-2009-3048
02 Sep 2009 — Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." Opera anterior a la v10.00 sobre Linux, SOlaris y FreeBSD no implementa adecuadamente la funcionalidad "INPUT TYPE=file", lo que permite a atacantes remotos engañar al usuario para que suba un archivo a través de vectores que involucran un "archivo para descargar" (dropped fil... • http://www.opera.com/docs/changelogs/freebsd/1000 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2009-3047
https://notcve.org/view.php?id=CVE-2009-3047
02 Sep 2009 — Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. Opera anterior a v10.00, cuando se usa una dirección colapsada en la barra, no actualiza adecuadamente el nombre de dominio del sitio web previo al sitio web actual, lo que podría permitir a atacantes remotos suplantar URLs. • http://www.opera.com/docs/changelogs/freebsd/1000 •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 2CVE-2009-3013
https://notcve.org/view.php?id=CVE-2009-3013
31 Aug 2009 — Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site. Opera v9.52... • http://websecurity.com.ua/3323 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2009-2577
https://notcve.org/view.php?id=CVE-2009-2577
22 Jul 2009 — Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. Opera v9.52 y anteriores permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU, y colgado de aplicación) a través de un argumento de cadena de caracteres Unicode para el método de escritura, siendo un asunto relacionado con CVE-2009-2577. • http://websecurity.com.ua/3338 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2009-2540
https://notcve.org/view.php?id=CVE-2009-2540
20 Jul 2009 — Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Opera, posiblemente v9.64 y anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un valor entero largo en la propiedad length de un objeto Select, está relacionada con CVE-2009-1692. • http://www.exploit-db.com/exploits/9160 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 2CVE-2009-2351
https://notcve.org/view.php?id=CVE-2009-2351
07 Jul 2009 — Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected. El navegador Opera versión 9.52 y versiones anteriores no bloquean javascript: URI en los encabezados de actualización en las res... • http://websecurity.com.ua/3275 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 10%CPEs: 115EXPL: 0CVE-2009-0914
https://notcve.org/view.php?id=CVE-2009-0914
16 Mar 2009 — Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption. Opera en versiones anteriores a v9.64 permite a atacantes remotos ejecutar código de su elección mediante una imagen JPEG manipulada que provoca una corrupción de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 115EXPL: 0CVE-2009-0916
https://notcve.org/view.php?id=CVE-2009-0916
16 Mar 2009 — Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue." Vulnerabilidad no especificada en Opera versión anterior a v9.64 tiene un impacto y vectores de ataque desconocidos, relacionados con un "asunto moderadamente severo". • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2009-0915
https://notcve.org/view.php?id=CVE-2009-0915
16 Mar 2009 — Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins. Opera en versiones anteriores a v9.64 permite a atacantes remotos dirigir ataques de ejecución de secuencias de comandos en dominios cruzados mediante vectores no especificados relacionados con sus extensiones. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0CVE-2008-5681
https://notcve.org/view.php?id=CVE-2008-5681
19 Dec 2008 — Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. Opera en versiones anteriores a la 9.63, no bloquea "URLs en scripts" durante la vista previa de servicios de suscipción a noticias, lo que permite a atacantes remotos leer las suscripciones y forzar suscripciones a URLs de noticias. • http://secunia.com/advisories/34294 •