Search...

openSUSE 10 Security Update : opera (opera-4575)

2007-10-24T00:00:00

ID SUSE_OPERA-4575.NASL
Type nessus
Reporter This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
Modified 2007-10-24T00:00:00

Description

This version update of Opera to 9.24 fixes numerous defects including some security problems. (CVE-2007-5540,CVE-2007-5541)

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update opera-4575.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(27533);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-5540", "CVE-2007-5541");

  script_name(english:"openSUSE 10 Security Update : opera (opera-4575)");
  script_summary(english:"Check for the opera-4575 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This version update of Opera to 9.24 fixes numerous defects including
some security problems. (CVE-2007-5540,CVE-2007-5541)"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected opera package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(20);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1|SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2 / 10.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"opera-9.24-0.1") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"opera-9.24-0.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"opera-9.24-0.1") ) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opera");
}

JSON Vulners Source

Initial Source

{"id": "SUSE_OPERA-4575.NASL", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : opera (opera-4575)", "description": "This version update of Opera to 9.24 fixes numerous defects including\nsome security problems. (CVE-2007-5540,CVE-2007-5541)", "published": "2007-10-24T00:00:00", "modified": "2007-10-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/27533", "reporter": "This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2007-5541", "CVE-2007-5540"], "type": "nessus", "lastseen": "2021-01-17T14:46:51", "edition": 23, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-5541", "CVE-2007-5540"]}, {"type": "gentoo", "idList": ["GLSA-200710-31"]}, {"type": "openvas", "idList": ["OPENVAS:58777", "OPENVAS:58710"]}, {"type": "freebsd", "idList": ["44224E08-8306-11DC-9283-0016179B2DD5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8302", "SECURITYVULNS:DOC:18320"]}, {"type": "seebug", "idList": ["SSV:2319"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_44224E08830611DC92830016179B2DD5.NASL", "OPERA_924.NASL", "GENTOO_GLSA-200710-31.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:38126", "OSVDB:38127"]}], "modified": "2021-01-17T14:46:51", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-01-17T14:46:51", "rev": 2}, "vulnersScore": 7.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update opera-4575.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27533);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5540\", \"CVE-2007-5541\");\n\n script_name(english:\"openSUSE 10 Security Update : opera (opera-4575)\");\n script_summary(english:\"Check for the opera-4575 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version update of Opera to 9.24 fixes numerous defects including\nsome security problems. (CVE-2007-5540,CVE-2007-5541)\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"opera-9.24-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"opera-9.24-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"opera-9.24-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "27533", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.1"], "scheme": null}

{"cve": [{"lastseen": "2020-12-09T19:26:08", "description": "Unspecified vulnerability in Opera before 9.24, when using an \"external\" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors.", "edition": 6, "cvss3": {}, "published": "2007-10-18T00:17:00", "title": "CVE-2007-5541", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5541"], "modified": "2017-07-29T01:33:00", "cpe": ["cpe:/a:opera:opera_browser:8.53", "cpe:/a:opera:opera_browser:3.21", "cpe:/a:opera:opera_browser:3.62", "cpe:/a:opera:opera_browser:7.21", "cpe:/a:opera:opera_browser:6.1", "cpe:/a:opera:opera_browser:7.50", "cpe:/a:opera:opera_browser:7.03", "cpe:/a:opera:opera_browser:5.11", "cpe:/a:opera:opera_browser:8.0", "cpe:/a:opera:opera_browser:1.00", "cpe:/a:opera:opera_browser:8.54", "cpe:/a:opera:opera_browser:7.51", "cpe:/a:opera:opera_browser:7.22", "cpe:/a:opera:opera_browser:8.50", "cpe:/a:opera:opera_browser:6.06", "cpe:/a:opera:opera_browser:9.0", "cpe:/a:opera:opera_browser:9.20", "cpe:/a:opera:opera_browser:7.20", "cpe:/a:opera:opera_browser:7.0", "cpe:/a:opera:opera_browser:3.51", "cpe:/a:opera:opera_browser:2.00", "cpe:/a:opera:opera_browser:3.50", "cpe:/a:opera:opera_browser:2.10", "cpe:/a:opera:opera_browser:2.12", "cpe:/a:opera:opera_browser:4.02", "cpe:/a:opera:opera_browser:6.11", "cpe:/a:opera:opera_browser:9.23", "cpe:/a:opera:opera_browser:8.02", "cpe:/a:opera:opera_browser:6.02", "cpe:/a:opera:opera_browser:5.02", "cpe:/a:opera:opera_browser:5.0", "cpe:/a:opera:opera_browser:8.51", "cpe:/a:opera:opera_browser:8.01", "cpe:/a:opera:opera_browser:6.04", "cpe:/a:opera:opera_browser:4.01", "cpe:/a:opera:opera_browser:6.01", "cpe:/a:opera:opera_browser:9.21", "cpe:/a:opera:opera_browser:6.03", "cpe:/a:opera:opera_browser:3.00", "cpe:/a:opera:opera_browser:9.12", "cpe:/a:opera:opera_browser:7.52", "cpe:/a:opera:opera_browser:7.54", "cpe:/a:opera:opera_browser:7.60", "cpe:/a:opera:opera_browser:6.12", "cpe:/a:opera:opera_browser:6.0", "cpe:/a:opera:opera_browser:7.10", "cpe:/a:opera:opera_browser:7.53", "cpe:/a:opera:opera_browser:3.60", "cpe:/a:opera:opera_browser:5.10", "cpe:/a:opera:opera_browser:5.12", "cpe:/a:opera:opera_browser:7.01", "cpe:/a:opera:opera_browser:9.02", "cpe:/a:opera:opera_browser:9.22", "cpe:/a:opera:opera_browser:3.10", "cpe:/a:opera:opera_browser:8.52", "cpe:/a:opera:opera_browser:3.61", "cpe:/a:opera:opera_browser:9.10", "cpe:/a:opera:opera_browser:9.01", "cpe:/a:opera:opera_browser:4.00", "cpe:/a:opera:opera_browser:6.05", "cpe:/a:opera:opera_browser:7.02", "cpe:/a:opera:opera_browser:7.11", "cpe:/a:opera:opera_browser:7.23"], "id": "CVE-2007-5541", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5541", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:opera:opera_browser:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:beta:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:beta:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:08", "description": "Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.", "edition": 7, "cvss3": {}, "published": "2007-10-18T00:17:00", "title": "CVE-2007-5540", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5540"], "modified": "2012-06-07T21:14:00", "cpe": ["cpe:/a:opera:opera_browser:8.53", "cpe:/a:opera:opera_browser:3.21", "cpe:/a:opera:opera_browser:3.62", "cpe:/a:opera:opera_browser:7.21", "cpe:/a:opera:opera_browser:6.1", "cpe:/a:opera:opera_browser:7.50", "cpe:/a:opera:opera_browser:7.03", "cpe:/a:opera:opera_browser:5.11", "cpe:/a:opera:opera_browser:8.0", "cpe:/a:opera:opera_browser:1.00", "cpe:/a:opera:opera_browser:8.54", "cpe:/a:opera:opera_browser:7.51", "cpe:/a:opera:opera_browser:7.22", "cpe:/a:opera:opera_browser:8.50", "cpe:/a:opera:opera_browser:6.06", "cpe:/a:opera:opera_browser:9.0", "cpe:/a:opera:opera_browser:9.20", "cpe:/a:opera:opera_browser:7.20", "cpe:/a:opera:opera_browser:7.0", "cpe:/a:opera:opera_browser:3.51", "cpe:/a:opera:opera_browser:2.00", "cpe:/a:opera:opera_browser:3.50", "cpe:/a:opera:opera_browser:2.10", "cpe:/a:opera:opera_browser:2.12", "cpe:/a:opera:opera_browser:4.02", "cpe:/a:opera:opera_browser:6.11", "cpe:/a:opera:opera_browser:9.23", "cpe:/a:opera:opera_browser:8.02", "cpe:/a:opera:opera_browser:6.02", "cpe:/a:opera:opera_browser:5.02", "cpe:/a:opera:opera_browser:5.0", "cpe:/a:opera:opera_browser:8.51", "cpe:/a:opera:opera_browser:8.01", "cpe:/a:opera:opera_browser:6.04", "cpe:/a:opera:opera_browser:4.01", "cpe:/a:opera:opera_browser:6.01", "cpe:/a:opera:opera_browser:9.21", "cpe:/a:opera:opera_browser:6.03", "cpe:/a:opera:opera_browser:3.00", "cpe:/a:opera:opera_browser:9.12", "cpe:/a:opera:opera_browser:7.52", "cpe:/a:opera:opera_browser:7.54", "cpe:/a:opera:opera_browser:7.60", "cpe:/a:opera:opera_browser:6.12", "cpe:/a:opera:opera_browser:6.0", "cpe:/a:opera:opera_browser:7.10", "cpe:/a:opera:opera_browser:7.53", "cpe:/a:opera:opera_browser:3.60", "cpe:/a:opera:opera_browser:5.10", "cpe:/a:opera:opera_browser:5.12", "cpe:/a:opera:opera_browser:7.01", "cpe:/a:opera:opera_browser:9.02", "cpe:/a:opera:opera_browser:9.22", "cpe:/a:opera:opera_browser:3.10", "cpe:/a:opera:opera_browser:8.52", "cpe:/a:opera:opera_browser:3.61", "cpe:/a:opera:opera_browser:9.10", "cpe:/a:opera:opera_browser:9.01", "cpe:/a:opera:opera_browser:4.00", "cpe:/a:opera:opera_browser:6.05", "cpe:/a:opera:opera_browser:7.02", "cpe:/a:opera:opera_browser:7.11", "cpe:/a:opera:opera_browser:7.23"], "id": "CVE-2007-5540", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5540", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:opera:opera_browser:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:beta:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:beta:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5541", "CVE-2007-5540"], "edition": 1, "description": "### Background\n\nOpera is a multi-platform web browser. \n\n### Description\n\nMichael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients (CVE-2007-5541). David Bloom discovered that when displaying frames from different websites, the same-origin policy is not correctly enforced (CVE-2007-5540). \n\n### Impact\n\nAn attacker could potentially exploit the first vulnerability to execute arbitrary code with the privileges of the user running Opera by enticing a user to visit a specially crafted URL. Note that this vulnerability requires an external e-mail or newsgroup client configured in Opera to be exploitable. The second vulnerability allows an attacker to execute arbitrary script code in a user's browser session in context of other sites or the theft of browser credentials. \n\n### Workaround\n\nThere is no known workaround at this time for all these vulnerabilities. \n\n### Resolution\n\nAll Opera users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/opera-9.24\"", "modified": "2007-10-30T00:00:00", "published": "2007-10-30T00:00:00", "id": "GLSA-200710-31", "href": "https://security.gentoo.org/glsa/200710-31", "type": "gentoo", "title": "Opera: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5541", "CVE-2007-5540"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-27T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:58777", "href": "http://plugins.openvas.org/nasl.php?oid=58777", "type": "openvas", "title": "FreeBSD Ports: opera, opera-devel, linux-opera", "sourceData": "#\n#VID 44224e08-8306-11dc-9283-0016179b2dd5\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n opera\n opera-devel\n linux-opera\n\n=====\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.opera.com/support/search/view/866/\nhttp://www.opera.com/support/search/view/867/\nhttp://secunia.com/advisories/27277/\nhttp://www.vuxml.org/freebsd/44224e08-8306-11dc-9283-0016179b2dd5.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(58777);\n script_version(\"$Revision: 4148 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-27 07:32:19 +0200 (Tue, 27 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-5540\", \"CVE-2007-5541\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: opera, opera-devel, linux-opera\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"opera\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.24\")<0) {\n txt += 'Package opera version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"opera-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.24\")<0) {\n txt += 'Package opera-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-opera\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.24\")<0) {\n txt += 'Package linux-opera version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5541", "CVE-2007-5540"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200710-31.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:58710", "href": "http://plugins.openvas.org/nasl.php?oid=58710", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200710-31 (opera)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Opera contains multiple vulnerabilities, which may allow the execution of\narbitrary code.\";\ntag_solution = \"All Opera users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/opera-9.24'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200710-31\nhttp://bugs.gentoo.org/show_bug.cgi?id=196164\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200710-31.\";\n\n \n\nif(description)\n{\n script_id(58710);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-5540\", \"CVE-2007-5541\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200710-31 (opera)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-client/opera\", unaffected: make_list(\"ge 9.24\"), vulnerable: make_list(\"lt 9.24\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:31", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5541", "CVE-2007-5540"], "description": "\nAn advisory from Opera reports:\n\nIf a user has configured Opera to use an external newsgroup\n\t client or e-mail application, specially crafted Web pages can\n\t cause Opera to run that application incorrectly. In some cases\n\t this can lead to execution of arbitrary code.\n\n\nWhen accesing frames from different Web sites, specially crafted\n\t scripts can bypass the same-origin policy, and overwrite functions\n\t from those frames. If scripts on the page then run those functions,\n\t this can cause the script of the attacker's choice to run in the\n\t context of the target Web site.\n\n", "edition": 4, "modified": "2007-10-17T00:00:00", "published": "2007-10-17T00:00:00", "id": "44224E08-8306-11DC-9283-0016179B2DD5", "href": "https://vuxml.freebsd.org/freebsd/44224e08-8306-11dc-9283-0016179b2dd5.html", "title": "opera -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:23", "bulletinFamily": "software", "cvelist": ["CVE-2007-5541", "CVE-2007-5540"], "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200710-31\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Opera: Multiple vulnerabilities\r\n Date: October 30, 2007\r\n Bugs: #196164\r\n ID: 200710-31\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nOpera contains multiple vulnerabilities, which may allow the execution\r\nof arbitrary code.\r\n\r\nBackground\r\n==========\r\n\r\nOpera is a multi-platform web browser.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 www-client/opera < 9.24 >= 9.24\r\n\r\nDescription\r\n===========\r\n\r\nMichael A. Puls II discovered an unspecified flaw when launching\r\nexternal email or newsgroup clients (CVE-2007-5541). David Bloom\r\ndiscovered that when displaying frames from different websites, the\r\nsame-origin policy is not correctly enforced (CVE-2007-5540).\r\n\r\nImpact\r\n======\r\n\r\nAn attacker could potentially exploit the first vulnerability to\r\nexecute arbitrary code with the privileges of the user running Opera by\r\nenticing a user to visit a specially crafted URL. Note that this\r\nvulnerability requires an external e-mail or newsgroup client\r\nconfigured in Opera to be exploitable. The second vulnerability allows\r\nan attacker to execute arbitrary script code in a user's browser\r\nsession in context of other sites or the theft of browser credentials.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time for all these\r\nvulnerabilities.\r\n\r\nResolution\r\n==========\r\n\r\nAll Opera users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=www-client/opera-9.24"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2007-5540\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5540\r\n [ 2 ] CVE-2007-5541\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5541\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200710-31.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2007 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5", "edition": 1, "modified": "2007-10-30T00:00:00", "published": "2007-10-30T00:00:00", "id": "SECURITYVULNS:DOC:18320", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18320", "title": "[ GLSA 200710-31 ] Opera: Multiple vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", "cvelist": ["CVE-2007-5541", "CVE-2007-5540"], "description": "Code execution, crossite access", "edition": 1, "modified": "2007-10-30T00:00:00", "published": "2007-10-30T00:00:00", "id": "SECURITYVULNS:VULN:8302", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8302", "title": "Opera browser multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:55:58", "description": "BUGTRAQ ID: 26100,26102\r\nCVE(CAN) ID: CVE-2007-5540,CVE-2007-5541\r\n\r\nOpera\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\uff0c\u652f\u6301\u591a\u79cd\u5e73\u53f0\u3002\r\n\r\nOpera\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n\u5982\u679c\u7528\u6237\u5c06Opera\u914d\u7f6e\u4e3a\u4f7f\u7528\u5916\u90e8\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u6216\u90ae\u4ef6\u5e94\u7528\u7a0b\u5e8f\u7684\u8bdd\uff0c\u7279\u5236\u7684\u7f51\u9875\u53ef\u80fd\u5bfc\u81f4Opera\u9519\u8bef\u5730\u8fd0\u884c\u8be5\u5e94\u7528\u7a0b\u5e8f\uff0c\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\u8fd9\u53ef\u80fd\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n\u5728\u8bbf\u95ee\u4e0d\u540c\u7ad9\u70b9\u7684\u5e27\u7684\u65f6\u5019\uff0c\u7279\u5236\u7684\u811a\u672c\u53ef\u80fd\u7ed5\u8fc7\u540c\u6e90\u7b56\u7565\u8986\u76d6\u8fd9\u4e9b\u5e27\u7684\u51fd\u6570\u3002\u5982\u679c\u4e4b\u540e\u9875\u9762\u7684\u811a\u672c\u8fd0\u884c\u4e86\u8fd9\u4e9b\u51fd\u6570\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5bfc\u81f4\u5728\u76ee\u6807\u7ad9\u70b9\u7684\u73af\u5883\u4e2d\u8fd0\u884c\u653b\u51fb\u8005\u6240\u63d0\u4f9b\u7684\u811a\u672c\u3002\r\n\r\n\n\nOpera Software Opera < 9.24\n \u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://www.opera.com/download/\" target=\"_blank\">http://www.opera.com/download/</a>", "published": "2007-10-20T00:00:00", "type": "seebug", "title": "Opera\u6d4f\u89c8\u5668\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u53ca\u7ed5\u8fc7\u540c\u6e90\u7b56\u7565\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-5540", "CVE-2007-5541"], "modified": "2007-10-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2319", "id": "SSV:2319", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-07T10:52:16", "description": "The remote host is affected by the vulnerability described in GLSA-200710-31\n(Opera: Multiple vulnerabilities)\n\n Michael A. Puls II discovered an unspecified flaw when launching\n external email or newsgroup clients (CVE-2007-5541). David Bloom\n discovered that when displaying frames from different websites, the\n same-origin policy is not correctly enforced (CVE-2007-5540).\n \nImpact :\n\n An attacker could potentially exploit the first vulnerability to\n execute arbitrary code with the privileges of the user running Opera by\n enticing a user to visit a specially crafted URL. Note that this\n vulnerability requires an external e-mail or newsgroup client\n configured in Opera to be exploitable. The second vulnerability allows\n an attacker to execute arbitrary script code in a user's browser\n session in context of other sites or the theft of browser credentials.\n \nWorkaround :\n\n There is no known workaround at this time for all these\n vulnerabilities.", "edition": 25, "published": "2007-10-31T00:00:00", "title": "GLSA-200710-31 : Opera: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5541", "CVE-2007-5540"], "modified": "2007-10-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:opera", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200710-31.NASL", "href": "https://www.tenable.com/plugins/nessus/27593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200710-31.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27593);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5540\", \"CVE-2007-5541\");\n script_xref(name:\"GLSA\", value:\"200710-31\");\n\n script_name(english:\"GLSA-200710-31 : Opera: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200710-31\n(Opera: Multiple vulnerabilities)\n\n Michael A. Puls II discovered an unspecified flaw when launching\n external email or newsgroup clients (CVE-2007-5541). David Bloom\n discovered that when displaying frames from different websites, the\n same-origin policy is not correctly enforced (CVE-2007-5540).\n \nImpact :\n\n An attacker could potentially exploit the first vulnerability to\n execute arbitrary code with the privileges of the user running Opera by\n enticing a user to visit a specially crafted URL. Note that this\n vulnerability requires an external e-mail or newsgroup client\n configured in Opera to be exploitable. The second vulnerability allows\n an attacker to execute arbitrary script code in a user's browser\n session in context of other sites or the theft of browser credentials.\n \nWorkaround :\n\n There is no known workaround at this time for all these\n vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200710-31\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Opera users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/opera-9.24'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/31\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/opera\", unaffected:make_list(\"ge 9.24\"), vulnerable:make_list(\"lt 9.24\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Opera\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:42:15", "description": "An advisory from Opera reports :\n\nIf a user has configured Opera to use an external newsgroup client or\ne-mail application, specially crafted Web pages can cause Opera to run\nthat application incorrectly. In some cases this can lead to execution\nof arbitrary code.\n\nWhen accessing frames from different Websites, specially crafted\nscripts can bypass the same-origin policy, and overwrite functions\nfrom those frames. If scripts on the page then run those functions,\nthis can cause the script of the attacker's choice to run in the\ncontext of the target Website.", "edition": 26, "published": "2007-10-26T00:00:00", "title": "FreeBSD : opera -- multiple vulnerabilities (44224e08-8306-11dc-9283-0016179b2dd5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5541", "CVE-2007-5540"], "modified": "2007-10-26T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:opera-devel", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-opera", "p-cpe:/a:freebsd:freebsd:opera"], "id": "FREEBSD_PKG_44224E08830611DC92830016179B2DD5.NASL", "href": "https://www.tenable.com/plugins/nessus/27578", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27578);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5540\", \"CVE-2007-5541\");\n script_xref(name:\"Secunia\", value:\"27277\");\n\n script_name(english:\"FreeBSD : opera -- multiple vulnerabilities (44224e08-8306-11dc-9283-0016179b2dd5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An advisory from Opera reports :\n\nIf a user has configured Opera to use an external newsgroup client or\ne-mail application, specially crafted Web pages can cause Opera to run\nthat application incorrectly. In some cases this can lead to execution\nof arbitrary code.\n\nWhen accessing frames from different Websites, specially crafted\nscripts can bypass the same-origin policy, and overwrite functions\nfrom those frames. If scripts on the page then run those functions,\nthis can cause the script of the attacker's choice to run in the\ncontext of the target Website.\"\n );\n # http://www.opera.com/support/search/view/866/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ddad77ee\"\n );\n # http://www.opera.com/support/search/view/867/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.opera.com/help\"\n );\n # https://vuxml.freebsd.org/freebsd/44224e08-8306-11dc-9283-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?244456e6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-opera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:opera-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"opera<9.24\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"opera-devel<9.24\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-opera<9.24\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:33:26", "description": "The version of Opera installed on the remote host reportedly may allow\nfor arbitrary code execution if it has been configured to use an\nexternal news reader or email client and a user views a\nspecially crafted web page. \n\nIn addition, it may also allow a script to bypass the same-origin\npolicy and overwrite functions on pages from other domains when\nprocessing frames from different websites, which can be leveraged to\nconduct cross-site scripting attacks.", "edition": 24, "published": "2007-10-17T00:00:00", "title": "Opera < 9.24 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5541", "CVE-2007-5540"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:opera:opera_browser"], "id": "OPERA_924.NASL", "href": "https://www.tenable.com/plugins/nessus/27506", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27506);\n script_version(\"1.15\");\n\n script_cve_id(\"CVE-2007-5540\", \"CVE-2007-5541\");\n script_bugtraq_id(26100, 26102);\n\n script_name(english:\"Opera < 9.24 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Opera\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by two\nvulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote host reportedly may allow\nfor arbitrary code execution if it has been configured to use an\nexternal news reader or email client and a user views a\nspecially crafted web page. \n\nIn addition, it may also allow a script to bypass the same-origin\npolicy and overwrite functions on pages from other domains when\nprocessing frames from different websites, which can be leveraged to\nconduct cross-site scripting attacks.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.opera.com/support/search/view/866/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.opera.com/support/search/view/867/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20170706180612/http://www.opera.com/docs/changelogs/windows/924/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Opera version 9.24 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/10/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/10/17\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version_UI\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\nif (isnull(version_ui)) exit(0);\n\nif (version_ui =~ \"^([0-8]\\.|9\\.([01][0-9]|2[0-3])($|[^0-9]))\")\n{\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"Opera version \", version_ui, \" is currently installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "cvelist": ["CVE-2007-5540"], "description": "# No description provided by the source\n\n## References:\nVendor Specific Solution URL: http://security.gentoo.org/glsa/glsa-200710-31.xml\nVendor Specific News/Changelog Entry: http://www.opera.com/support/search/view/867/\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=196164\n[Secunia Advisory ID:27431](https://secuniaresearch.flexerasoftware.com/advisories/27431/)\n[Secunia Advisory ID:27277](https://secuniaresearch.flexerasoftware.com/advisories/27277/)\n[Secunia Advisory ID:27399](https://secuniaresearch.flexerasoftware.com/advisories/27399/)\n[Related OSVDB ID: 38128](https://vulners.com/osvdb/OSVDB:38128)\n[Related OSVDB ID: 38126](https://vulners.com/osvdb/OSVDB:38126)\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html\nFrSIRT Advisory: ADV-2007-3529\n[CVE-2007-5540](https://vulners.com/cve/CVE-2007-5540)\nBugtraq ID: 26102\n", "edition": 1, "modified": "2007-10-17T11:18:48", "published": "2007-10-17T11:18:48", "href": "https://vulners.com/osvdb/OSVDB:38127", "id": "OSVDB:38127", "title": "Opera Cross Domain Function Overwrite Unspecified Issue", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "cvelist": ["CVE-2007-5541"], "description": "# No description provided by the source\n\n## References:\nVendor Specific Solution URL: http://security.gentoo.org/glsa/glsa-200710-31.xml\nVendor Specific News/Changelog Entry: http://www.opera.com/support/search/view/866/\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=196164\n[Secunia Advisory ID:27431](https://secuniaresearch.flexerasoftware.com/advisories/27431/)\n[Secunia Advisory ID:27277](https://secuniaresearch.flexerasoftware.com/advisories/27277/)\n[Secunia Advisory ID:27399](https://secuniaresearch.flexerasoftware.com/advisories/27399/)\n[Related OSVDB ID: 38127](https://vulners.com/osvdb/OSVDB:38127)\n[Related OSVDB ID: 38128](https://vulners.com/osvdb/OSVDB:38128)\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html\nISS X-Force ID: 37271\nFrSIRT Advisory: ADV-2007-3529\n[CVE-2007-5541](https://vulners.com/cve/CVE-2007-5541)\nBugtraq ID: 26100\n", "edition": 1, "modified": "2007-10-17T11:18:48", "published": "2007-10-17T11:18:48", "href": "https://vulners.com/osvdb/OSVDB:38126", "id": "OSVDB:38126", "title": "Opera with External News/E-mail Unspecified Command Execution", "type": "osvdb", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}