CVSS: 9.3EPSS: 10%CPEs: 114EXPL: 1CVE-2008-5680 – Opera 9.62 - 'file://' Local Heap Overflow
https://notcve.org/view.php?id=CVE-2008-5680
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178. Múltiples desbordamientos de búfer en versiones de Opera anteriores a la 9.63 podrían permitir (1) a atacantes remotos ejecutar código arbitrario a través de un textarea convenientemente modificada, o permitir (2) con ayuda de los usuarios a atacantes remotos ejecutar código arbitrario a través de un nombre de host demasiado largo en un archivo. • https://www.exploit-db.com/exploits/7135 http://secunia.com/advisories/34294 http://security.gentoo.org/glsa/glsa-200903-30.xml http://securitytracker.com/id?1021457 http://www.opera.com/docs/changelogs/linux/963 http://www.opera.com/support/kb/view/920 http://www.opera.com/support/kb/view/922 http://www.securityfocus.com/archive/1/498452/100/0/threaded http://www.securityfocus.com/archive/1/498481/100/0/threaded http://www.securityfocus.com/archive/1/498499 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 114EXPL: 0CVE-2008-5681
https://notcve.org/view.php?id=CVE-2008-5681
Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. Opera en versiones anteriores a la 9.63, no bloquea "URLs en scripts" durante la vista previa de servicios de suscipción a noticias, lo que permite a atacantes remotos leer las suscripciones y forzar suscripciones a URLs de noticias. • http://secunia.com/advisories/34294 http://security.gentoo.org/glsa/glsa-200903-30.xml http://www.opera.com/docs/changelogs/linux/963 http://www.opera.com/support/kb/view/923 http://www.securitytracker.com/id?1021461 •
CVSS: 7.8EPSS: 0%CPEs: 114EXPL: 0CVE-2008-5683
https://notcve.org/view.php?id=CVE-2008-5683
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. Una vulnerabilidad sin especificar en Opera 9.63 permite antes de atacantes remotos "revelar datos aleatorios" a través de vectores desconocidos. • http://secunia.com/advisories/34294 http://security.gentoo.org/glsa/glsa-200903-30.xml http://securitytracker.com/id?1021459 http://www.opera.com/docs/changelogs/linux/963 http://www.opera.com/support/kb/view/924 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 114EXPL: 0CVE-2008-5682
https://notcve.org/view.php?id=CVE-2008-5682
Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Opera en versiones anteriores a 9.63 permite a atacantes remotos inyectar HTML o secuencias de comandos web arbitrarios a través de plantillas XSLT pre-instaladas. • http://osvdb.org/50951 http://secunia.com/advisories/34294 http://security.gentoo.org/glsa/glsa-200903-30.xml http://www.opera.com/docs/changelogs/linux/963 http://www.opera.com/support/kb/view/924 http://www.securitytracker.com/id?1021462 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 88EXPL: 0CVE-2008-4698
https://notcve.org/view.php?id=CVE-2008-4698
Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds. Opera antes de la v9.61 no bloquea correctamente los scripts durante la previsualización de una fuente de noticias, lo que permite a atacantes remotos crear subscripciones de nuevas fuentes y leer los contenidos de fuentes aleatorias. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html http://secunia.com/advisories/32299 http://secunia.com/advisories/32394 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://www.openwall.com/lists/oss-security/2008/10/21/6 http://www.openwall.com/lists/oss-security/2008/10/22/5 http://www.opera.com/docs/changelogs/freebsd/961 http://www.opera.com/docs/changelogs/linux/961 http://www.opera.com&#x • CWE-264: Permissions, Privileges, and Access Controls •