CVE-2007-3142
https://notcve.org/view.php?id=CVE-2007-3142
Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication. Vulnerabilidad de truncamiento visual en Opera 9.21 permite a atacantes remotos evenenar la barra de dirección y posiblemente realizar ataques de phishing a través de un nombre de host largo, el cual está truncado después de 34 caracteres, como se demostró por el ataque de phishing utilizando HTTP Basic Authentication. • http://osvdb.org/43463 http://secunia.com/advisories/26545 http://security.gentoo.org/glsa/glsa-200708-17.xml http://testing.bitsploit.de/test.html http://www.0x000000.com/?i=334 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/bid/24352 https://exchange.xforce.ibmcloud.com/vulnerabilities/34983 •
CVE-2007-2809
https://notcve.org/view.php?id=CVE-2007-2809
Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274. Desbordamiento de búfer en el administrador de transferencias en Opera anterior a 9.21 para Windows permite a atacantes remotos con la intervención del usuario ejecutar código de su elección mediante un archivo torrent manipulado. NOTA: debido a la falta de detalles, no está claro si este es el mismo problema que CVE-2007-2274. • http://isc.sans.org/diary.html?storyid=2823 http://osvdb.org/36229 http://secunia.com/advisories/25278 http://securitytracker.com/id?1018089 http://www.opera.com/support/search/view/860 http://www.securityfocus.com/bid/24080 http://www.vupen.com/english/advisories/2007/1888 https://exchange.xforce.ibmcloud.com/vulnerabilities/34470 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2007-2274 – Opera 9.2 - '.torrent' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-2274
The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain. La implementación de BitTorrent en Opera versión 9.2, permite a atacantes remotos causar una denegación de servicio (consumo de CPU y bloqueo de aplicación) por medio de un archivo torrent malformado. NOTA: la divulgación original hace referencia a esto como una pérdida de memoria, pero no es seguro. • https://www.exploit-db.com/exploits/3784 https://exchange.xforce.ibmcloud.com/vulnerabilities/34079 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2007-2022 – kdebase3 flash-player interaction problem
https://notcve.org/view.php?id=CVE-2007-2022
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. Adobe Macromedia Flash Player versiones 7 y 9, cuando es usado con Opera versiones anteriores a 9.20 o Konqueror anteriores a 20070613, permite a atacantes remotos obtener información confidencial (pulsaciones de teclas del navegador), que son filtradas en la applet de Flash Player. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://secunia.com/advisories/24877 http://secunia.com/advisories/25027 http://secunia.com/advisories/25432 http://secunia.com/advisories/25662 http://secunia.com/advisories/25669 http://secunia.com/advisories/25894 http://secunia.com/advisories/25933 http://secunia.com/advisories/26027 http://secunia.com/advisories/26118 http://secunia.com/advisories/26357 http://secunia.com/advisories/26860 http:/& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-1737
https://notcve.org/view.php?id=CVE-2007-1737
Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. Opera 9.10 no comprueba los URLs embebidos en etiquetas HTML (1) object o (2) iframe contra la lista negra de sitios fraudulentos (phishing), lo cual permite a atacantes remotos evitar la protección contra phishing. • http://securityreason.com/securityalert/2488 http://www.securityfocus.com/archive/1/464041/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33488 •