CVE-2008-5679
https://notcve.org/view.php?id=CVE-2008-5679
The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. El motor de análisis HTML en versiones de Opera anteriores a la 9.63 permite a atacantes remotos ejecutar código arbitrario a través de páginas web convenientemente modificadas ocasionando un calculo de puntero inválido y la corrupción del montículo (heap). • http://secunia.com/advisories/34294 http://security.gentoo.org/glsa/glsa-200903-30.xml http://securityreason.com/securityalert/4791 http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php http://www.opera.com/docs/changelogs/linux/963 http://www.opera.com/support/kb/view/921 http://www.securityfocus.com/archive/1/499315/100/0/threaded http://www.securitytracker.com/id?1021460 • CWE-399: Resource Management Errors •
CVE-2008-4795 – Opera Web Browser 9.x - History Search and Links Panel Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-4795
The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks. El panel de enlaces en Opera antes de v9.62 procesa el JavaScript dentro del contexto de la "última página" de un marco, lo que permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante ataques de secuencias de comandos en sitios cruzados (XSS) • https://www.exploit-db.com/exploits/32548 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://www.opera.com/support/search/view/907 http://www.securityfocus.com/bid/31991 http://www.securitytracker.com/id?1021127 https://exchange.xforce.ibmcloud.com/vulnerabilities/46220 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4794
https://notcve.org/view.php?id=CVE-2008-4794
Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696. Opera antes de v9.62 permite a atacantes remotos ejecutar comandos de su elección mediante la página de resultados Search History, una vulnerabilidad distinta a CVE-2008-4696. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://www.opera.com/support/search/view/906 http://www.securityfocus.com/bid/31991 http://www.securitytracker.com/id?1021128 https://exchange.xforce.ibmcloud.com/vulnerabilities/46219 • CWE-20: Improper Input Validation •
CVE-2008-4695
https://notcve.org/view.php?id=CVE-2008-4695
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context. Opera versiones anteriores a v9.60 permite a atacantes remotos obtener información sensible y tener otros impactos desconocidos prediciendo la ruta de la caché de un applet de Java cacheado y entonces lanzar este applet desde la caché, llevando a cabo la ejecución del applet dentro del contexto de la máquina local. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html http://secunia.com/advisories/32177 http://secunia.com/advisories/32394 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://securitytracker.com/id?1021017 http://www.openwall.com/lists/oss-security/2008/10/21/5 http://www.openwall.com/lists/oss-security/2008/10/22/5 http://www.opera.com/docs/changelogs/freebsd/960 http://www.opera.com/docs/changelogs& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-4696 – Opera 9.50/9.61 historysearch - Command Execution
https://notcve.org/view.php?id=CVE-2008-4696
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat). Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Opera.dll de Opera versiones anteriores a v9.61 permite a atacantes remotos inyectar web script o HTML a través de identificadores ancla (también conocido como el "fragmento opcional"), el cual no escapa apropiadamente antes del almacenaje en la base de datos History Search (también conocido como md.dat). Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to modify configuration settings and execute arbitrary commands. Affects Opera versions between 9.50 and 9.61. • https://www.exploit-db.com/exploits/9944 https://www.exploit-db.com/exploits/16304 https://www.exploit-db.com/exploits/6801 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html http://secunia.com/advisories/32299 http://secunia.com/advisories/32394 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://securityreason.com/securityalert/4504 http://www.openwall.com/lists/oss-security/2008/10/21/6 http://www. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •