CVE-2007-2022 – kdebase3 flash-player interaction problem
https://notcve.org/view.php?id=CVE-2007-2022
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. Adobe Macromedia Flash Player versiones 7 y 9, cuando es usado con Opera versiones anteriores a 9.20 o Konqueror anteriores a 20070613, permite a atacantes remotos obtener información confidencial (pulsaciones de teclas del navegador), que son filtradas en la applet de Flash Player. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://secunia.com/advisories/24877 http://secunia.com/advisories/25027 http://secunia.com/advisories/25432 http://secunia.com/advisories/25662 http://secunia.com/advisories/25669 http://secunia.com/advisories/25894 http://secunia.com/advisories/25933 http://secunia.com/advisories/26027 http://secunia.com/advisories/26118 http://secunia.com/advisories/26357 http://secunia.com/advisories/26860 http:/& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-1737
https://notcve.org/view.php?id=CVE-2007-1737
Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. Opera 9.10 no comprueba los URLs embebidos en etiquetas HTML (1) object o (2) iframe contra la lista negra de sitios fraudulentos (phishing), lo cual permite a atacantes remotos evitar la protección contra phishing. • http://securityreason.com/securityalert/2488 http://www.securityfocus.com/archive/1/464041/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33488 •
CVE-2007-1563 – Opera 9.x - FTP PASV Port-Scanning
https://notcve.org/view.php?id=CVE-2007-1563
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. La implementación del protocolo FTP en Opera versión 9.10, aprueba que atacantes remotos permitan a servidores remotos forzar al cliente a conectarse a otros servidores, realizar un análisis de puerto apoderado u obtener información confidencial especificando una dirección de servidor alternativa en una respuesta PASV FTP. • https://www.exploit-db.com/exploits/29769 http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf http://secunia.com/advisories/25027 http://www.novell.com/linux/security/advisories/2007_28_opera.html http://www.securityfocus.com/bid/23089 http://www.securitytracker.com/id?1017802 http://www.vupen.com/english/advisories/2007/1075 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-1115
https://notcve.org/view.php?id=CVE-2007-1115
The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. Los marcos secundarios en Opera 9 antes de la versión 9.20 heredan el conjunto de caracteres por defecto de la ventana principal cuando no se especifica un conjunto de caracteres en un encabezado de tipo de contenido HTTP o etiqueta META, lo que permite a los atacantes remotos conducir ataques de tipo cross-site scripting (XSS), como se demuestra utilizando el conjunto de caracteres UTF-7. • http://osvdb.org/32118 http://secunia.com/advisories/24312 http://secunia.com/advisories/25027 http://www.hardened-php.net/advisory_032007.142.html http://www.novell.com/linux/security/advisories/2007_28_opera.html http://www.opera.com/support/search/view/855 http://www.securityfocus.com/archive/1/461076/100/0/threaded http://www.securityfocus.com/bid/22701 http://www.securitytracker.com/id?1017909 http://www.vupen.com/english/advisories/2007/0745 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-0802
https://notcve.org/view.php?id=CVE-2007-0802
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. Mozilla Firefox 2.0.0.1 permite a atacantes remotos evitar el mecanismo de Protección de Phising añadiendo caracteres concretos al final del nombre de dominio, como se demuestra con los caractere "." y "/", que no se capturan por el filtro de lista negra Lista de Phising. • http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0516.html http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php http://osvdb.org/33705 http://www.securityfocus.com/archive/1/459265/100/0/threaded https://bugzilla.mozilla.org/show_bug.cgi?id=367538 • CWE-20: Improper Input Validation •