Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-116

CWE-116

High likelihood

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

446 vulnerabilities with CWE-116

CVE-2018-20586 MEDIUM

Bitcoin Core - Arbitrary Data Injection into Debug Log via RPC Call

CVE-2018-16386 HIGH

SWIFT Alliance Web Platform 7.1.23 - Log Injection

CVE-2018-18838 HIGH

Netdata 1.10.0 - Log Injection via URL Parameter

CVE-2018-8920 HIGH

Synology DiskStation Manager < 6.1.6-15266 - Arbitrary Content Injection via Log Exporter CSV Export

CVE-2018-8609 HIGH

Microsoft Dynamics 365 8.0-8.2.3.0003 - Remote Code Execution via Improper Web Request Sanitization

CVE-2018-15494 CRITICAL

Dojo Toolkit <1.14 - Code Injection

CVE-2018-9246 CRITICAL

PGObject::Util::DBAdmin <0.120.0 - Code Injection

CVE-2018-2389 MEDIUM

SAP Internet Graphics Server 7.20, 7.20EXT, 7.45, 7.49, 7.53 - Log File Injection

CVE-2018-1048 HIGH

JBoss EAP 7.1.0.GA - Path Traversal and Information Disclosure via AJP Connector

CVE-2017-18892 MEDIUM

Mattermost Server <4.2.0-4.0.5 - XSS

CVE-2017-12340 MEDIUM

Cisco NX-OS - Authenticated Bash Shell Access via Python Scripting Sandbox Escape

CVE-2017-12064 HIGH

OpenEMR 5.0.0 and prior - Improper Encoding or Escaping of Output in csv_log_html Function

CVE-2017-8303 CRITICAL

Accellion File Transfer Appliance < 9_12_180 - Remote Code Execution via seos/1000/find.api Method Parameter

CVE-2016-2568 HIGH

polkit - Local Privilege Escalation via TIOCSTI ioctl Call

CVE-2016-3063 HIGH

NetApp OnCommand System Manager <8.3.2 - RCE

CVE-2015-10040 MEDIUM

gitlearn < 2015-06-09 - Injection in Escape Sequence Handler

CVE-2015-10011 MEDIUM

OpenDNS OpenResolve - Info Disclosure

CVE-2014-9938 HIGH

Git < 1.9.3 - Remote Code Execution via Unsanitized Branch Name in PS1 Variable

CVE-2013-2011 HIGH

WordPress W3 Super Cache <1.3.2 - RCE

nginx 0.8.41-1.4.3 and 1.5.x < 1.5.7 - URI Restriction Bypass via Unescaped Space Character

CVE-2009-4267 MEDIUM

Apache jUDDI 3.0.0 - Authenticated Log Spoofing via Console numRows Parameter

Previous Page 18 of 18

Details

Vulnerabilities 446

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy