CVE-2006-3198
https://notcve.org/view.php?id=CVE-2006-3198
Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended. Desbordamiento de entero en Opera v8.54 y anteriores permite a atacantes remotos ejecutar código de su elección a través de una imagen JPEG con medidas excesivas de ancho y largo, lo que provoca se reserve menos memoria de la que se requiere. • http://secunia.com/advisories/20787 http://secunia.com/advisories/20897 http://securityreason.com/securityalert/1133 http://securitytracker.com/id?1016362 http://www.novell.com/linux/security/advisories/2006_38_opera.html http://www.securityfocus.com/archive/1/438074/100/0/threaded http://www.securityfocus.com/bid/18594 http://www.vigilantminds.com/advi_detail.php?id=45 http://www.vupen.com/english/advisories/2006/2491 https://exchange.xforce.ibmcloud.com/vulnerabilities/27318 • CWE-190: Integer Overflow or Wraparound •
CVE-2006-1834 – Opera Web Browser 8.52 - Stylesheet Attribute Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-1834
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings. Error de entero sin signo en Opera en versiones anteriores a 8.54 permite a atacantes remotos ejecutar código arbitrario a través de valores largos en un atributo de la hoja de estilos, lo que pasa una verificación de longitud. NOTA: un problema de extensión de signo hace el ataque más fácil con cadenas cortas. • https://www.exploit-db.com/exploits/27641 http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html http://marc.info/?l=full-disclosure&m=114493114031891&w=2 http://secunia.com/advisories/20117 http://security.gentoo.org/glsa/glsa-200606-01.xml http://securitytracker.com/id?1015912 http://www.opera.com/docs/changelogs/windows/854 http://www.sec-consult.com/259.html http://www.securityfocus.com/archive/1/430876/100/0/threaded http://www.securityfocus.c • CWE-189: Numeric Errors •
CVE-2005-4718 – Opera 8.02 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2005-4718
Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margin:-99;" STYLE attribute. • https://www.exploit-db.com/exploits/1254 https://www.exploit-db.com/exploits/1255 http://securitytracker.com/id?1015067 http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5054 http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5055 •
CVE-2005-4210
https://notcve.org/view.php?id=CVE-2005-4210
Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service (persistent application crash) by bookmarking a site with a long title. • http://secunia.com/advisories/17963 http://www.opera.com/support/search/supsearch.dml?index=821 http://www.osvdb.org/21641 http://www.securityfocus.com/bid/15813 http://www.vupen.com/english/advisories/2005/2846 https://exchange.xforce.ibmcloud.com/vulnerabilities/23549 •
CVE-2005-3946
https://notcve.org/view.php?id=CVE-2005-3946
Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class. • http://www.illegalaccess.org/exploit/opera85/OperaApplet.html http://www.securityfocus.com/archive/1/418201/100/0/threaded http://www.securityfocus.com/archive/1/418274/100/0/threaded http://www.securityfocus.com/bid/15648 • CWE-20: Improper Input Validation •