Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera.

The Secunia Research team from Flexera is comprised of a number of security specialists who—in addition to testing, verifying, and validating public vulnerability reports—conduct their own vulnerability research in various products. Since the founding of the Secunia Research team in 2002, it has been our goal to be provide the most accurate and reliable source of vulnerability intelligence.

Delivering the world’s best vulnerability intelligence requires skill and passion. The members of our team continually develop their skills exploring various high-profile closed and open source software using a variety of approaches, focusing chiefly on thorough code audits and binary analysis.   In 2019 a member of our team was recognized by Microsoft’s Most Valuable Security Researchers list.

This enables Secunia researchers to discover hard-to-find vulnerabilities that are not normally identified via techniques such as fuzzing, and the approach has been effective. Members of the Secunia Research team have discovered critical vulnerabilities in products from vendors including Microsoft, Symantec, IBM, Adobe, RealNetworks, Trend Micro, HP, Blue Coat, Samba, CA, Mozilla, and Apple.

The team produces invaluable security advisories based upon the research of the vulnerabilities affecting any given software update. Sometimes a single update can address multiple vulnerabilities of varying criticalities and threats; but these advisories aggregate and distill findings down to a single advisory perfect for the prioritization of patch efforts. In these advisories, criticality scores are consistently applied along with details around attack vector and other valuable details. Illegitimate vulnerability reports are also investigated and rejected so you can focus only on what truly matters.

**Related links**

*   Software Vulnerability Research
    
*   Software Vulnerability Research - Secunia Data
    
*   Software Vulnerability Manager
    
*   Security advisories from Secunia Research
    
*   Anatomy of a security advisory
    
*   Vulnerability Disclosure Policy
    
*   Support
    

Informing IT, Transforming IT

**Industry insights to help keep you informed**

CVE-2005-3750: About Secunia Research | Flexera

Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.

CVE-2005-3699: About Secunia Research | Flexera

Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.

CVE-2005-3007: About Secunia Research | Flexera

Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

CVE-2005-2273: About Secunia Research | Flexera

aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.

HPE MyAccount

**HPE MyAccount**

HPE MyAccount

HPE MyAccount

My Bookmarks

My Bookmarks

Manage Account

Manage Account

Sign Out

**My Cart**

****Your cart is currently empty****

Head to the HPE store to browse, configure and order.

Shop now

**Something went wrong**

Try viewing your cart in the HPE Store or check back later.  

View cart

View cart Checkout

HPE Ecosystem

*   HPE GreenLake
*   
*   Cloud Consoles
    
*   Cloud Services
*   Data Services
*   Compute Ops Management
*   Aruba Central
*   
*   HPE GreenLake Administration
    
*   Manage Account
*   Manage Devices
*   
*   HPE Resources
    
*   Support Center
*   Financial Services
*   Developer
*   Communities

HPE GreenLake

EDGE TO CLOUD

**HPE GreenLake**

Accelerate your data-first modernization with the HPE GreenLake edge-to-cloud platform, which brings the cloud to wherever your apps and data live.

HPE GreenLake

Accelerate your data-first modernization with the HPE GreenLake edge-to-cloud platform, which brings the cloud to wherever your apps and data live.

Learn more about HPE GreenLake platform

TEST DRIVE

**Experience HPE GreenLake cloud services**

This guided, hands-on experience allows you to explore cloud services in a live production environment.

Experience HPE GreenLake cloud services

This guided, hands-on experience allows you to explore cloud services in a live production environment.

Get started

CLOUD SERVICES

*   AI, ML, and analytics
*   Business applications
*   Compute
*   Containers
*   Data protection
*   Database
*   Edge
*   HPC
*   Hybrid and multicloud

*   Hyperconverged
*   Migration
*   Networking
*   Private cloud
*   SAP
*   Security, risk, and compliance
*   Storage
*   VDI
*   Virtualization

INDUSTRY

*   Financial Services
*   Healthcare
*   Manufacturing
*   Public Sector
*   Telco

PARTNERS

*   Marketplace
*   HPE GreenLake for partners

Products

See all products and solutions

EDGE TO CLOUD

**Edge to cloud platform solutions**

HPE GreenLake is the open and secure edge-to-cloud platform that you've been waiting for.

Edge to cloud platform solutions

HPE GreenLake is the open and secure edge-to-cloud platform that you've been waiting for.

*   Platform
*   Edge
*   Data
*   Cloud
*   Security

SOLUTIONS BY CATEGORY

*   Data Storage
*   High Performance Computing (HPC)
*   Compute
*   Networking
*   Software
*   Services

See all products and solutions

More...

LATEST NEWS & MEDIA

**Discover More Network**

Our exclusive network featured original series, podcasts, news, resources, and events.Learn more.

Discover More Network

Our exclusive network featured original series, podcasts, news, resources, and events.Learn more.

Learn more

COMPANY

**About HPE**

Learn about our company, our purpose, and read the latest news to see how we’re driving innovation to make it easier to reimagine tomorrow.

About HPE

Learn about our company, our purpose, and read the latest news to see how we’re driving innovation to make it easier to reimagine tomorrow.

Learn more

EVENT

**Discover 2022**

Join HPE experts, leading companies, and industry luminaries and learn how to accelerate your data-first modernization across edge to cloud.

Discover 2022

Join HPE experts, leading companies, and industry luminaries and learn how to accelerate your data-first modernization across edge to cloud.

Learn more

RESOURCES

*   HPE Customer Centers
*   Communities
*   Customer Stories
*   All Blogs & Forums
*   How to buy

CVE-2005-2224: 404 Error

Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains.

CVE-2005-1669: About Secunia Research | Flexera

The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect.

CVE-2005-1475: About Secunia Research | Flexera

Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

CVE-2004-1157: About Secunia Research | Flexera

Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute.

CVE-2004-2260: About Secunia Research | Flexera

Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers.

Tag

#microsoft