CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2005-2309
https://notcve.org/view.php?id=CVE-2005-2309
Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using random.jpg. Opera 8.01 permite que atacantes remotos causen una denegación de servicio (consumo de CPU) mediante una imagen JPEG amañada. Queda demostrado usando "random.jpg". • http://lcamtuf.coredump.cx/crash http://www.securityfocus.com/archive/1/405298 http://www.securityfocus.com/archive/1/405524/30/0/threaded • CWE-400: Uncontrolled Resource Consumption •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2273
https://notcve.org/view.php?id=CVE-2005-2273
Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." • http://secunia.com/advisories/15488 http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test http://secunia.com/secunia_research/2005-8 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1475
https://notcve.org/view.php?id=CVE-2005-1475
The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. • http://secunia.com/advisories/15008 http://secunia.com/secunia_research/2005-4/advisory http://www.securityfocus.com/bid/13970 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1669
https://notcve.org/view.php?id=CVE-2005-1669
Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. • http://secunia.com/advisories/15411 http://secunia.com/secunia_research/2005-5/advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2005-1139
https://notcve.org/view.php?id=CVE-2005-1139
Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks. • http://www.geotrust.com/resources/advisory/sslorg/index.htm http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm http://www.novell.com/linux/security/advisories/2005_31_opera.html http://www.securityfocus.com/bid/13176 https://exchange.xforce.ibmcloud.com/vulnerabilities/40503 •