CVE-2007-2274 – Opera 9.2 - '.torrent' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-2274
The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain. La implementación de BitTorrent en Opera versión 9.2, permite a atacantes remotos causar una denegación de servicio (consumo de CPU y bloqueo de aplicación) por medio de un archivo torrent malformado. NOTA: la divulgación original hace referencia a esto como una pérdida de memoria, pero no es seguro. • https://www.exploit-db.com/exploits/3784 https://exchange.xforce.ibmcloud.com/vulnerabilities/34079 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2007-2022 – kdebase3 flash-player interaction problem
https://notcve.org/view.php?id=CVE-2007-2022
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. Adobe Macromedia Flash Player versiones 7 y 9, cuando es usado con Opera versiones anteriores a 9.20 o Konqueror anteriores a 20070613, permite a atacantes remotos obtener información confidencial (pulsaciones de teclas del navegador), que son filtradas en la applet de Flash Player. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://secunia.com/advisories/24877 http://secunia.com/advisories/25027 http://secunia.com/advisories/25432 http://secunia.com/advisories/25662 http://secunia.com/advisories/25669 http://secunia.com/advisories/25894 http://secunia.com/advisories/25933 http://secunia.com/advisories/26027 http://secunia.com/advisories/26118 http://secunia.com/advisories/26357 http://secunia.com/advisories/26860 http:/& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-1737
https://notcve.org/view.php?id=CVE-2007-1737
Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. Opera 9.10 no comprueba los URLs embebidos en etiquetas HTML (1) object o (2) iframe contra la lista negra de sitios fraudulentos (phishing), lo cual permite a atacantes remotos evitar la protección contra phishing. • http://securityreason.com/securityalert/2488 http://www.securityfocus.com/archive/1/464041/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33488 •
CVE-2007-1563 – Opera 9.x - FTP PASV Port-Scanning
https://notcve.org/view.php?id=CVE-2007-1563
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. La implementación del protocolo FTP en Opera versión 9.10, aprueba que atacantes remotos permitan a servidores remotos forzar al cliente a conectarse a otros servidores, realizar un análisis de puerto apoderado u obtener información confidencial especificando una dirección de servidor alternativa en una respuesta PASV FTP. • https://www.exploit-db.com/exploits/29769 http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf http://secunia.com/advisories/25027 http://www.novell.com/linux/security/advisories/2007_28_opera.html http://www.securityfocus.com/bid/23089 http://www.securitytracker.com/id?1017802 http://www.vupen.com/english/advisories/2007/1075 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-1377 – Adobe Reader Plugin 'AcroPDF.dll' 8.0.0.0 - Resource Consumption
https://notcve.org/view.php?id=CVE-2007-1377
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. AcroPDF.DLL de Adobe Reader 8.0, cuando se accede desde Mozilla Firefox, Netscape, ó Opera, permite a atacantes remotos provocar una denegación de servicio (agotamiento sin especificar de recursos) mediante una URL .pdf con un identificador de marcador que comienza con search= seguido de muchas secuencias %n, vulnerabilidad distinta a CVE-2006-6027 y CVE-2006-6236. • https://www.exploit-db.com/exploits/3430 http://www.securityfocus.com/bid/22856 http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html https://exchange.xforce.ibmcloud.com/vulnerabilities/32896 • CWE-400: Uncontrolled Resource Consumption •