CVSS: 9.3EPSS: 6%CPEs: 1EXPL: 0CVE-2007-3929
https://notcve.org/view.php?id=CVE-2007-3929
21 Jul 2007 — Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object. Vulnerabilidad de "usar después de liberado" en el soporte de BitTorrent en Opera versiones anteriores a 9.22 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante una cabecera manipulada en un fichero torrent, que deja un puntero ap... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=564 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3819
https://notcve.org/view.php?id=CVE-2007-3819
17 Jul 2007 — Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. Opera 9.21 permite a atacantes remotos falsificar el esquema URI data: en la barra de direcciones mediante un URI largo con espacios en blanco, lo cual evitar que el inicio del URI sea mostrado. • http://alt.swiecki.net/oper1.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2007-3142
https://notcve.org/view.php?id=CVE-2007-3142
11 Jun 2007 — Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication. Vulnerabilidad de truncamiento visual en Opera 9.21 permite a atacantes remotos evenenar la barra de dirección y posiblemente realizar ataques de phishing a través de un nombre de host largo, el cual está truncado después de 34 caracteres, como se ... • http://osvdb.org/43463 •
CVSS: 9.3EPSS: 7%CPEs: 1EXPL: 0CVE-2007-2809
https://notcve.org/view.php?id=CVE-2007-2809
22 May 2007 — Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274. Desbordamiento de búfer en el administrador de transferencias en Opera anterior a 9.21 para Windows permite a atacantes remotos con la intervención del usuario ejecutar código de su elección mediante un archivo torrent manipulado. NOTA: debido a la falt... • http://isc.sans.org/diary.html?storyid=2823 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 6%CPEs: 1EXPL: 1CVE-2007-2274 – Opera 9.2 - '.torrent' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-2274
25 Apr 2007 — The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain. La implementación de BitTorrent en Opera versión 9.2, permite a atacantes remotos causar una denegación de servicio (consumo de CPU y bloqueo de aplicación) por medio de un archivo torrent malformado. NOTA: la divulgación original hace referencia a esto como u... • https://www.exploit-db.com/exploits/3784 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 18%CPEs: 76EXPL: 0CVE-2007-2022 – kdebase3 flash-player interaction problem
https://notcve.org/view.php?id=CVE-2007-2022
13 Apr 2007 — Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. Adobe Macromedia Flash Player versiones 7 y 9, cuando es usado con Opera versiones anteriores a 9.20 o Konqueror anteriores a 20070613, permite a atacantes remotos obtener información confidencial (pulsaciones de teclas del navegador), que son filtradas en la applet de Flash Player. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1737
https://notcve.org/view.php?id=CVE-2007-1737
28 Mar 2007 — Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. Opera 9.10 no comprueba los URLs embebidos en etiquetas HTML (1) object o (2) iframe contra la lista negra de sitios fraudulentos (phishing), lo cual permite a atacantes remotos evitar la protección contra phishing. • http://securityreason.com/securityalert/2488 •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1CVE-2007-1563 – Opera 9.x - FTP PASV Port-Scanning
https://notcve.org/view.php?id=CVE-2007-1563
21 Mar 2007 — The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. La implementación del protocolo FTP en Opera versión 9.10, aprueba que atacantes remotos permitan a servidores remotos forzar al cliente a conectarse a otros servidores, realizar un análisis de puerto apoderado u obtener información confide... • https://www.exploit-db.com/exploits/29769 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 23%CPEs: 4EXPL: 3CVE-2007-1377 – Adobe Reader Plugin 'AcroPDF.dll' 8.0.0.0 - Resource Consumption
https://notcve.org/view.php?id=CVE-2007-1377
10 Mar 2007 — AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. AcroPDF.DLL de Adobe Reader 8.0, cuando se accede desde Mozilla Firefox, Netscape, ó Opera, permite a atacantes remotos provocar una denegación de servicio (agotamiento sin e... • https://www.exploit-db.com/exploits/3430 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2007-1115
https://notcve.org/view.php?id=CVE-2007-1115
26 Feb 2007 — The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. Los marcos secundarios en Opera 9 antes de la versión 9.20 heredan el conjunto de caracteres por defecto de la ventana principal cuando no se especifica un conjunto de caracteres en un encabezado de tipo de contenido HTTP... • http://osvdb.org/32118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •