
CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

28 Mar 2007 — Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. • http://securityreason.com/securityalert/2488

CVSS: 7.5 • EPSS: 6% • CPEs: 1 • EXPL: 1

21 Mar 2007 — The FTP protocol implementation in Opera 9.10 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. • https://www.exploit-db.com/exploits/29769 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 • EPSS: 1% • CPEs: 4 • EXPL: 3

10 Mar 2007 — AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. • https://www.exploit-db.com/exploits/3430 • CWE-400: Uncontrolled Resource Consumption

CVSS: 6.1 • EPSS: 0% • CPEs: 9 • EXPL: 0

26 Feb 2007 — The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. • http://osvdb.org/32118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Feb 2007 — Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which are not caught by the blacklist filter. • http://kaneda.bohater.net/security/20061220-opera_9.10_final_bypass_fraud_protection.php • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 1

07 Feb 2007 — Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which are not caught by the Phishing List blacklist filter. • http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0516.html • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 105 • EXPL: 1

29 Jan 2007 — Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0085.html • CWE-20: Improper Input Validation

CVSS: 9.8 • EPSS: 22% • CPEs: 1 • EXPL: 1

09 Jan 2007 — Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker. • https://www.exploit-db.com/exploits/3101 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 21% • CPEs: 94 • EXPL: 0

09 Jan 2007 — The JavaScript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 22% • CPEs: 2 • EXPL: 0

17 Oct 2006 — Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address). • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=424 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer