Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')CWE-74
| CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
|---|---|---|---|---|---|
CVE-2007-4190CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information. | CVSS 4.3 | Joomla | - | Patched | |
CVE-2005-3750Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera. | CVSS 7.5 | Opera | - | Patched | |
CVE-2005-3056TWiki allows arbitrary shell command execution via the Include function | CVSS 9.8 | Twiki | - | Patched | |
CVE-2005-3007Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content. | CVSS 2.6 | Opera | - | Patched | |
CVE-2004-2570Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user. | CVSS 5 | Opera | Exploit | Patched | |
CVE-2004-1157Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | CVSS 7.5 | Opera | - | Patched |