CVSS: 4.3EPSS: 83%CPEs: 74EXPL: 5CVE-2008-4696 – Opera historysearch XSS
https://notcve.org/view.php?id=CVE-2008-4696
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat). Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Opera.dll de Opera versiones anteriores a v9.61 permite a atacantes remotos inyectar web script o HTML a través de identificadores ancla (también conocido como el "fragmento opcional"), el cual no escapa apropiadamente antes del almacenaje en la base de datos History Search (también conocido como md.dat). Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to modify configuration settings and execute arbitrary commands. Affects Opera versions between 9.50 and 9.61. • https://www.exploit-db.com/exploits/9944 https://www.exploit-db.com/exploits/16304 https://www.exploit-db.com/exploits/6801 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html http://secunia.com/advisories/32299 http://secunia.com/advisories/32394 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://securityreason.com/securityalert/4504 http://www.openwall.com/lists/oss-security/2008/10/21/6 http://www. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 8%CPEs: 73EXPL: 0CVE-2008-4293
https://notcve.org/view.php?id=CVE-2008-4293
Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications. Vulnerabilidad no especificada en Opera antes de v9.52 para Windows, cuando se registra como un manejador del protocolo, permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos en los cuales se ejecuta Opera a través de otras aplicaciones. • http://secunia.com/advisories/31549 http://www.opera.com/docs/changelogs/windows/952 http://www.opera.com/support/search/view/892 http://www.securityfocus.com/bid/30768 http://www.vupen.com/english/advisories/2008/2416 https://exchange.xforce.ibmcloud.com/vulnerabilities/44547 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3079
https://notcve.org/view.php?id=CVE-2008-3079
Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en Opera anterior a 9.51 en Windows, permite a atacantes ejecutar código de su elección a través de vectores desconocidos. • http://secunia.com/advisories/30937 http://www.opera.com/docs/changelogs/windows/951 http://www.vupen.com/english/advisories/2008/1998/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43576 •
CVSS: 9.3EPSS: 2%CPEs: 9EXPL: 1CVE-2008-1761
https://notcve.org/view.php?id=CVE-2008-1761
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access. Opera anterior a 9.27 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante una fuente newsfeed manipulada, lo cual dispara un acceso a memoria inválido. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29662 http://secunia.com/advisories/29679 http://secunia.com/advisories/29735 http://security.gentoo.org/glsa/glsa-200804-14.xml http://www.opera.com/docs/changelogs/linux/927 http://www.opera.com/support/search/view/881 http://www.securityfocus.com/bid/28585 http://www.vupen.com/english/advisories/2008/1084/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41625 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 89EXPL: 0CVE-2008-1764
https://notcve.org/view.php?id=CVE-2008-1764
Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs." Una vulnerabilidad no especificada en Opera versiones anteriores a 9.27, presenta un impacto desconocido y vectores de ataque remotos relacionados con el "keyboard handling of password inputs". • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29679 http://secunia.com/advisories/29735 http://security.gentoo.org/glsa/glsa-200804-14.xml http://www.opera.com/docs/changelogs/linux/927 http://www.opera.com/docs/changelogs/windows/927 https://exchange.xforce.ibmcloud.com/vulnerabilities/41834 •