
CVE-2005-3006
https://notcve.org/view.php?id=CVE-2005-3006
21 Sep 2005 — The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames. • http://marc.info/?l=bugtraq&m=112724692219695&w=2 •

CVE-2005-2407
https://notcve.org/view.php?id=CVE-2005-2407
28 Jul 2005 — A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking". Un error de diseño en Opera 8.01 y anteriores permite a atacantes con la implicación del usuario superponer una ventana nueva maliciosa sobre un cuadro de diálogo de descarga de fichero, y entonces engañar al usuario para que haga doble clic en el botón "E... • http://secunia.com/advisories/15781 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVE-2005-2405
https://notcve.org/view.php?id=CVE-2005-2405
28 Jul 2005 — Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code. Opera 8.0.1, cuando está instalado el font Arial Unicode MS, no maneja adecuadamente los caracteres ASCII extendidos en el diálogo de descarga de ficheros, lo que permite que atacantes remotos engañen con las extensiones de ficheros y posiblem... • http://secunia.com/advisories/15870 • CWE-20: Improper Input Validation •

CVE-2005-2406
https://notcve.org/view.php?id=CVE-2005-2406
28 Jul 2005 — Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI. Opera 8.01 permite que atacantes remotos puedan realizar ataques con secuencias de comandos en sitios cruzados incitando al usuario a arrastrar una imagen que es una URI "javascript:". • http://secunia.com/advisories/15756 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2005-2309
https://notcve.org/view.php?id=CVE-2005-2309
19 Jul 2005 — Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using random.jpg. Opera 8.01 permite que atacantes remotos causen una denegación de servicio (consumo de CPU) mediante una imagen JPEG amañada. Queda demostrado usando "random.jpg". • http://lcamtuf.coredump.cx/crash • CWE-400: Uncontrolled Resource Consumption •

CVE-2005-2273
https://notcve.org/view.php?id=CVE-2005-2273
13 Jul 2005 — Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." • http://secunia.com/advisories/15488 •

CVE-2005-1669
https://notcve.org/view.php?id=CVE-2005-1669
16 Jun 2005 — Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. • http://secunia.com/advisories/15411 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2005-1475
https://notcve.org/view.php?id=CVE-2005-1475
16 Jun 2005 — The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. • http://secunia.com/advisories/15008 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2005-1139
https://notcve.org/view.php?id=CVE-2005-1139
14 Apr 2005 — Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks. • http://www.geotrust.com/resources/advisory/sslorg/index.htm •

CVE-2005-0457
https://notcve.org/view.php?id=CVE-2005-0457
17 Feb 2005 — Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory. • http://bugs.gentoo.org/show_bug.cgi?id=81747 • CWE-427: Uncontrolled Search Path Element •