CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 3CVE-2007-1377 – Adobe Reader Plugin 'AcroPDF.dll' 8.0.0.0 - Resource Consumption
https://notcve.org/view.php?id=CVE-2007-1377
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. AcroPDF.DLL de Adobe Reader 8.0, cuando se accede desde Mozilla Firefox, Netscape, ó Opera, permite a atacantes remotos provocar una denegación de servicio (agotamiento sin especificar de recursos) mediante una URL .pdf con un identificador de marcador que comienza con search= seguido de muchas secuencias %n, vulnerabilidad distinta a CVE-2006-6027 y CVE-2006-6236. • https://www.exploit-db.com/exploits/3430 http://www.securityfocus.com/bid/22856 http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html https://exchange.xforce.ibmcloud.com/vulnerabilities/32896 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 105EXPL: 1CVE-2006-6955
https://notcve.org/view.php?id=CVE-2006-6955
Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. Opera permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) mediante una página web que contiene un gran número de etiquetas de marquesina anidadas, un problema relacionado con CVE-2006-2723. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0085.html https://exchange.xforce.ibmcloud.com/vulnerabilities/26898 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 16%CPEs: 94EXPL: 0CVE-2007-0127
https://notcve.org/view.php?id=CVE-2007-0127
The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call. El soporte para Javascript SVG en Opera anterior a 9.10 no valida adecuadamente los tipos de objeto en una petición createSVGTransformFromMatrix, lo cual permite a atacantes remotos ejecutar código de su elección mediante código JavaScript que utiliza un objeto inválido en esta petición que provoca que un puntero controlado sea referenciado durante la llamada a la función virtual. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458 http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html http://osvdb.org/31575 http://secunia.com/advisories/23613 http://secunia.com/advisories/23739 http://secunia.com/advisories/23771 http://securitytracker.com/id?1017473 http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml http://www.opera.com/support/search/supsearch.dml?index=851 http://www.vupen.com/english/advisories/2007/0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 9%CPEs: 88EXPL: 4CVE-2006-1834 – Opera Web Browser 8.52 - Stylesheet Attribute Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-1834
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings. Error de entero sin signo en Opera en versiones anteriores a 8.54 permite a atacantes remotos ejecutar código arbitrario a través de valores largos en un atributo de la hoja de estilos, lo que pasa una verificación de longitud. NOTA: un problema de extensión de signo hace el ataque más fácil con cadenas cortas. • https://www.exploit-db.com/exploits/27641 http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html http://marc.info/?l=full-disclosure&m=114493114031891&w=2 http://secunia.com/advisories/20117 http://security.gentoo.org/glsa/glsa-200606-01.xml http://securitytracker.com/id?1015912 http://www.opera.com/docs/changelogs/windows/854 http://www.sec-consult.com/259.html http://www.securityfocus.com/archive/1/430876/100/0/threaded http://www.securityfocus.c • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1CVE-2005-3699
https://notcve.org/view.php?id=CVE-2005-3699
Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. • http://secunia.com/advisories/17571 •