This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Opera Software
Product : Opera Web Browser
Version : 9.10
Type : Application
First view : 2002-05-29
Last view : 2007-08-15
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:a:opera_software:opera_web_browser

Activity : Overall

Related : CVE

  Date Alert Description
9.3 2007-08-15 CVE-2007-4367

Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."

9.3 2007-07-20 CVE-2007-3929

Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.

9.3 2007-05-22 CVE-2007-2809

Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274.

5 2005-01-12 CVE-2005-0456

Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code.

2.6 2004-07-07 CVE-2004-0473

Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.

7.5 2004-07-07 CVE-2004-0411

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.

4.3 2002-05-29 CVE-2002-0270

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
50% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-88 OS Command Injection
CAPEC-133 Try All Common Application Switches and Options

Open Source Vulnerability Database (OSVDB)

id Description
57115 Opera MIME Content-Type Header Processing Weakness Cross-content XSS
38125 Opera Multiple Unspecified JavaScript DoS
38124 Opera Crafted JavaScript Arbitrary Code Execution
38123 Opera BitTorrent File Header Parsing Use-after-free Arbitrary Code Execution
36229 Opera Transfer Manager Torrent File Handling Overflow
12867 Opera data: URI Handler Application Spoofing
6107 Multiple Browser Telnet URI Handler File Manipulation

OpenVAS Exploits

id Description
2009-01-28 Name : SuSE Update for opera SUSE-SA:2007:050
File : nvt/gb_suse_2007_050.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200405-11 (kdelibs)
File : nvt/glsa_200405_11.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200405-19 (opera)
File : nvt/glsa_200405_19.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200502-17 (Opera)
File : nvt/glsa_200502_17.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200708-17 (opera)
File : nvt/glsa_200708_17.nasl
2008-09-04 Name : FreeBSD Ports: linux-opera, opera
File : nvt/freebsd_linux-opera.nasl
2008-09-04 Name : FreeBSD Ports: opera, opera-devel, linux-opera
File : nvt/freebsd_opera.nasl
2008-09-04 Name : FreeBSD Ports: opera, opera-devel, linux-opera
File : nvt/freebsd_opera7.nasl
2008-01-17 Name : Debian Security Advisory DSA 518-1 (kdelibs)
File : nvt/deb_518_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2004-238-01 kdelibs
File : nvt/esoft_slk_ssa_2004_238_01.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Telnet protocol specifier command injection attempt
RuleID : 20698 - Type : FILE-OTHER - Revision : 7

Nessus® Vulnerability Scanner

id Description
2009-04-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_df333edea8ce11d89c6d0020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote openSUSE host is missing a security update.
File: suse_opera-4172.nasl - Type: ACT_GATHER_INFO
2007-09-14 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200708-17.nasl - Type: ACT_GATHER_INFO
2007-08-16 Name: The remote host contains a web browser that is affected by an arbitrary code ...
File: opera_923.nasl - Type: ACT_GATHER_INFO
2007-07-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_12d266b6363f11dcb6c9000c6ec775d9.nasl - Type: ACT_GATHER_INFO
2007-07-23 Name: The remote host contains a web browser that is affected by multiple issues.
File: opera_922.nasl - Type: ACT_GATHER_INFO
2007-05-21 Name: The remote host contains a web browser that is prone to a buffer overflow att...
File: opera_921.nasl - Type: ACT_GATHER_INFO
2005-07-20 Name: The remote host is missing a vendor-supplied security patch
File: suse_SA_2005_031.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_20c9bb1481e611d9a9e70001020eed82.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2004-238-01.nasl - Type: ACT_GATHER_INFO
2005-02-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200502-17.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-518.nasl - Type: ACT_GATHER_INFO
2004-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200405-19.nasl - Type: ACT_GATHER_INFO
2004-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200405-11.nasl - Type: ACT_GATHER_INFO
2004-07-31 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2004-047.nasl - Type: ACT_GATHER_INFO
2004-07-25 Name: The remote host is missing a vendor-supplied security patch
File: suse_SA_2003_014.nasl - Type: ACT_GATHER_INFO
2004-07-23 Name: The remote Fedora Core host is missing a security update.
File: fedora_2004-122.nasl - Type: ACT_GATHER_INFO
2004-07-23 Name: The remote Fedora Core host is missing a security update.
File: fedora_2004-121.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2004-222.nasl - Type: ACT_GATHER_INFO