CVE-2008-1082
https://notcve.org/view.php?id=CVE-2008-1082
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. Opera versiones anteriores a 9.26 permite a atacantes remotos "evitar los filtos de limpieza" y realizar un ataque se secuencias de comandos en sitios cruzados (XSS) a través de valores de atributos manipulados en un documento XML, lo cual no son propiedades manejadas durante una presentación DOM. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html http://secunia.com/advisories/29029 http://secunia.com/advisories/29152 http://secunia.com/advisories/29178 http://security.gentoo.org/glsa/glsa-200803-09.xml http://www.opera.com/docs/changelogs/linux/926 http://www.opera.com/support/search/view/880 http://www.securityfocus.com/bid/27901 http://www.vupen.com/english/advisories/2008/0622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-6520
https://notcve.org/view.php?id=CVE-2007-6520
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. Opera anterior a 9.25 permite a atacantes remotos llevar a cabo ataques de secuecias de comandos de dominios cruzados a través de vectores desconocidos relacionado con extensiones. • http://bugs.gentoo.org/show_bug.cgi?id=202770 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://secunia.com/advisories/28169 http://secunia.com/advisories/28290 http://secunia.com/advisories/28314 http://security.gentoo.org/glsa/glsa-200712-22.xml http://www.opera.com/docs/changelogs/linux/925 http://www.opera.com/docs/changelogs/windows/925 http://www.securityfocus.com/bid/26937 http://www.securitytracker.com/id?1019131 http://www.vup • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-6522
https://notcve.org/view.php?id=CVE-2007-6522
The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. El texto enriquecido en la funcionalidad de edición de Opera anterior a 9.25 permite a atacantes remotos llevar a cabo ataques de secuencias de comandos de dominios cruzados utilizando el modo diseño (designMode) para modificar contenidos de páginas en otros dominios. • http://bugs.gentoo.org/show_bug.cgi?id=202770 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://secunia.com/advisories/28169 http://secunia.com/advisories/28290 http://secunia.com/advisories/28314 http://security.gentoo.org/glsa/glsa-200712-22.xml http://www.opera.com/docs/changelogs/linux/925 http://www.opera.com/docs/changelogs/windows/925 http://www.opera.com/support/search/view/875 http://www.securityfocus.com/bid/26937 http:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-6523
https://notcve.org/view.php?id=CVE-2007-6523
Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks. Vulnerabilidad de complejidad algorítmica en Opera 9.50 beta y 9.x anterior a 9.25 permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU) mediante un archivo bitmap (BMP) manipulado que dispara un gran número de cálculos y comprobaciones. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://secunia.com/advisories/28314 http://securityreason.com/securityalert/3482 http://www.securityfocus.com/archive/1/484605/100/200/threaded http://www.securityfocus.com/bid/26721 http://www.vupen.com/english/advisories/2007/4261 • CWE-189: Numeric Errors CWE-399: Resource Management Errors •
CVE-2007-6524
https://notcve.org/view.php?id=CVE-2007-6524
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. Opera versiones anteriores a 9.25, permite a los atacantes remotos obtener contenido de memoria potencialmente confidencial por medio de un archivo de mapa de bits diseñado (BMP), como es demostrado usando un elemento CANVAS y JavaScript en un documento HTML para copiar estos contenidos desde versión 9.50 beta, un problema relacionado con CVE-2008-0420. • http://bugs.gentoo.org/show_bug.cgi?id=202770 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://osvdb.org/42691 http://secunia.com/advisories/28169 http://secunia.com/advisories/28290 http://secunia.com/advisories/28314 http://security.gentoo.org/glsa/glsa-200712-22.xml http://securitytracker.com/id?1019435 http://www.opera.com/docs/changelogs/linux/925 http://www.opera.com/docs/changelogs/windows/925 http://www.opera.com/support/sear • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •