CVE-2008-5683
https://notcve.org/view.php?id=CVE-2008-5683
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. Una vulnerabilidad sin especificar en Opera 9.63 permite antes de atacantes remotos "revelar datos aleatorios" a través de vectores desconocidos. • http://secunia.com/advisories/34294 http://security.gentoo.org/glsa/glsa-200903-30.xml http://securitytracker.com/id?1021459 http://www.opera.com/docs/changelogs/linux/963 http://www.opera.com/support/kb/view/924 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-5682
https://notcve.org/view.php?id=CVE-2008-5682
Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Opera en versiones anteriores a 9.63 permite a atacantes remotos inyectar HTML o secuencias de comandos web arbitrarios a través de plantillas XSLT pre-instaladas. • http://osvdb.org/50951 http://secunia.com/advisories/34294 http://security.gentoo.org/glsa/glsa-200903-30.xml http://www.opera.com/docs/changelogs/linux/963 http://www.opera.com/support/kb/view/924 http://www.securitytracker.com/id?1021462 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-5679
https://notcve.org/view.php?id=CVE-2008-5679
The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. El motor de análisis HTML en versiones de Opera anteriores a la 9.63 permite a atacantes remotos ejecutar código arbitrario a través de páginas web convenientemente modificadas ocasionando un calculo de puntero inválido y la corrupción del montículo (heap). • http://secunia.com/advisories/34294 http://security.gentoo.org/glsa/glsa-200903-30.xml http://securityreason.com/securityalert/4791 http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php http://www.opera.com/docs/changelogs/linux/963 http://www.opera.com/support/kb/view/921 http://www.securityfocus.com/archive/1/499315/100/0/threaded http://www.securitytracker.com/id?1021460 • CWE-399: Resource Management Errors •
CVE-2008-5428
https://notcve.org/view.php?id=CVE-2008-5428
Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. Opera v9.51 en Windows XP no gestiona apropiadamente 1) mensajes de correo multipart/mixed con muchas partes MIME y posiblemente (2) mensajes de correo electrónico con muchas cabeceras "Content-type: message/rfc822;", lo que permite a atacantes remotos provocar una denegación de servicio (consumo de pila o consumo de otros recursos) mediante un correo electrónico de gran tamaño, un problema relacionado a CVE-2006-1173. • http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro http://securityreason.com/securityalert/4721 http://www.securityfocus.com/archive/1/499038/100/0/threaded http://www.securityfocus.com/archive/1/499045/100/0/threaded • CWE-399: Resource Management Errors •
CVE-2008-4795 – Opera Web Browser 9.x - History Search and Links Panel Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-4795
The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks. El panel de enlaces en Opera antes de v9.62 procesa el JavaScript dentro del contexto de la "última página" de un marco, lo que permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante ataques de secuencias de comandos en sitios cruzados (XSS) • https://www.exploit-db.com/exploits/32548 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://www.opera.com/support/search/view/907 http://www.securityfocus.com/bid/31991 http://www.securitytracker.com/id?1021127 https://exchange.xforce.ibmcloud.com/vulnerabilities/46220 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •