CVE-2008-1764
https://notcve.org/view.php?id=CVE-2008-1764
Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs." Una vulnerabilidad no especificada en Opera versiones anteriores a 9.27, presenta un impacto desconocido y vectores de ataque remotos relacionados con el "keyboard handling of password inputs". • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29679 http://secunia.com/advisories/29735 http://security.gentoo.org/glsa/glsa-200804-14.xml http://www.opera.com/docs/changelogs/linux/927 http://www.opera.com/docs/changelogs/windows/927 https://exchange.xforce.ibmcloud.com/vulnerabilities/41834 •
CVE-2008-1081
https://notcve.org/view.php?id=CVE-2008-1081
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. Opera en versiones anteriores a 9.26 permite a atacantes remotos con la complicidad del usuario ejecutar secuencias de comandos de su elección a través de imágenes que contienen comentarios personalizados, las cuales son tratadas como una secuencia de comandos cuando el usuario muestra las propiedades de una imagen. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html http://secunia.com/advisories/29029 http://secunia.com/advisories/29152 http://secunia.com/advisories/29178 http://security.gentoo.org/glsa/glsa-200803-09.xml http://www.opera.com/docs/changelogs/linux/926 http://www.opera.com/support/search/view/879 http://www.securityfocus.com/bid/27901 http://www.vupen.com/english/advisories/2008/0622 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-1082
https://notcve.org/view.php?id=CVE-2008-1082
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. Opera versiones anteriores a 9.26 permite a atacantes remotos "evitar los filtos de limpieza" y realizar un ataque se secuencias de comandos en sitios cruzados (XSS) a través de valores de atributos manipulados en un documento XML, lo cual no son propiedades manejadas durante una presentación DOM. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html http://secunia.com/advisories/29029 http://secunia.com/advisories/29152 http://secunia.com/advisories/29178 http://security.gentoo.org/glsa/glsa-200803-09.xml http://www.opera.com/docs/changelogs/linux/926 http://www.opera.com/support/search/view/880 http://www.securityfocus.com/bid/27901 http://www.vupen.com/english/advisories/2008/0622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-1080
https://notcve.org/view.php?id=CVE-2008-1080
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. Opera antes de 9.26 permite a atacantes remotos asistidos por el usuario leer archivos de su elección engañando al usuario para que escriba los caracteres de nombre de archivo objetivo en un fichero de entrada. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html http://secunia.com/advisories/29029 http://secunia.com/advisories/29152 http://secunia.com/advisories/29178 http://security.gentoo.org/glsa/glsa-200803-09.xml http://www.opera.com/docs/changelogs/linux/926 http://www.opera.com/support/search/view/877 http://www.securityfocus.com/bid/27901 http://www.vupen.com/english/advisories/2008/0622 • CWE-20: Improper Input Validation •
CVE-2007-6520
https://notcve.org/view.php?id=CVE-2007-6520
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. Opera anterior a 9.25 permite a atacantes remotos llevar a cabo ataques de secuecias de comandos de dominios cruzados a través de vectores desconocidos relacionado con extensiones. • http://bugs.gentoo.org/show_bug.cgi?id=202770 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html http://secunia.com/advisories/28169 http://secunia.com/advisories/28290 http://secunia.com/advisories/28314 http://security.gentoo.org/glsa/glsa-200712-22.xml http://www.opera.com/docs/changelogs/linux/925 http://www.opera.com/docs/changelogs/windows/925 http://www.securityfocus.com/bid/26937 http://www.securitytracker.com/id?1019131 http://www.vup • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •