CVSS: 5.1EPSS: 9%CPEs: 88EXPL: 4CVE-2006-1834 – Opera Web Browser 8.52 - Stylesheet Attribute Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-1834
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings. Error de entero sin signo en Opera en versiones anteriores a 8.54 permite a atacantes remotos ejecutar código arbitrario a través de valores largos en un atributo de la hoja de estilos, lo que pasa una verificación de longitud. NOTA: un problema de extensión de signo hace el ataque más fácil con cadenas cortas. • https://www.exploit-db.com/exploits/27641 http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html http://marc.info/?l=full-disclosure&m=114493114031891&w=2 http://secunia.com/advisories/20117 http://security.gentoo.org/glsa/glsa-200606-01.xml http://securitytracker.com/id?1015912 http://www.opera.com/docs/changelogs/windows/854 http://www.sec-consult.com/259.html http://www.securityfocus.com/archive/1/430876/100/0/threaded http://www.securityfocus.c • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 1%CPEs: 84EXPL: 0CVE-2005-3006
https://notcve.org/view.php?id=CVE-2005-3006
The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames. • http://marc.info/?l=bugtraq&m=112724692219695&w=2 http://secunia.com/advisories/16645 http://secunia.com/secunia_research/2005-42/advisory http://www.opera.com/docs/changelogs/linux/850 http://www.opera.com/docs/changelogs/windows/850 http://www.osvdb.org/19508 http://www.securityfocus.com/advisories/9339 http://www.securityfocus.com/bid/14880 http://www.vupen.com/english/advisories/2005/1789 https://exchange.xforce.ibmcloud.com/vulnerabilities/22335 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0872
https://notcve.org/view.php?id=CVE-2004-0872
Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." • http://securityfocus.com/archive/1/375407 http://securitytracker.com/id?1011329 http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/17417 • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2004-0717
https://notcve.org/view.php?id=CVE-2004-0717
Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Opera 7.51 para Windows y 7.50 para Linux no previene apropiadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantación de sitios web y otros ataques. También conocida como vulnerabilidad de inyección en marcos. • http://secunia.com/advisories/11978 http://secunia.com/multiple_browsers_frame_injection_vulnerability_test https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 •