CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2016-11052 HIGH
Samsung Android L - Memory Corruption via Malformed JPEG File in Qt Qjpeg
CVSS 7.8
CVE-2016-11048 MEDIUM
Samsung Android L - Factory Reset Protection Bypass
CVSS 4.6
CVE-2016-11046 HIGH
Samsung Android JBP KK L - Unauthenticated Call and SMS Injection via Whitelist Bypass
CVSS 7.5
CVE-2016-2031 CRITICAL
Aruba Instate <4.1.3.0-4.2.3.1 - Privilege Escalation
CVSS 9.8
CVE-2016-6585 MEDIUM
Symantec Norton Mobile Security <3.16 - DoS
CVSS 5.3
CVE-2016-6586 LOW
Symantec Norton Mobile Security <3.16 - Auth Bypass
CVSS 3.7
CVE-2016-6589 MEDIUM
Symantec IT Management Suite 8.0 - Denial of Service via Workflow Process Manager Login Window
CVSS 6.5
CVE-2016-1000104 HIGH
mod_fcgid <2016-07-07 - Auth Bypass
CVSS 8.8
CVE-2016-10991 HIGH
imdb-widget < 1.0.9 - Local File Inclusion
CVSS 7.5
CVE-2016-10960 HIGH
wsecure < 2.4 - Remote Code Execution via wsecure-config.php Publish Parameter
CVSS 8.8
CVE-2016-10956 HIGH
mail-masta 1.0 - Local File Inclusion in count_of_send.php and csvexport.php
CVSS 7.5
CVE-2016-10948 HIGH
Post Indexer < 3.0.6.2 - Remote Code Execution via Unserialize Function
CVSS 8.1
CVE-2016-10930 CRITICAL
WP Support Plus Responsive Ticket System < 7.1.0 - Insecure Direct Object Reference via Ticket Number
CVSS 9.8
CVE-2016-10899 MEDIUM
Fabrix Total Security < 3.4.1 - Unauthenticated Settings Change
CVSS 5.3
CVE-2016-10812 HIGH
cPanel 11.50.0.4-11.50.6.2 - Unauthenticated TTY Exposure via enablefileprotect Script
CVSS 8.8
CVE-2016-10808 HIGH
cPanel 11.50.0.4-11.50.6.2 - Improper Input Validation in /scripts/addpop and /scripts/delpop
CVSS 8.8
CVE-2016-10807 MEDIUM
cPanel 11.50.0.4-11.50.6.2 - Denial of Service via /scripts/killpvhost
CVSS 6.5
CVE-2016-10805 HIGH
cPanel 11.50.0.4-11.50.6.2 - Authenticated Remote Code Execution via ajax_maketext_syntax_util.pl
CVSS 8.8
CVE-2016-10804 HIGH
cPanel 11.50.0.4-11.50.6.2 - Arbitrary File Overwrite via SQLite Journal Feature
CVSS 8.1
CVE-2016-10800 HIGH
cPanel 55.9999.61-56.0.27 - Unauthenticated Demo-Mode Escape via Site Templates and Boxtrapper API
CVSS 7.8
CVE-2016-10793 HIGH
cPanel 11.51.9999.98-11.52.6.6 - Remote Code Execution via Mail::SPF Script Shebang
CVSS 8.8
CVE-2016-10789 HIGH
cPanel 11.54.0.0-11.54.0.33 - Remote Code Execution via cpsrvd 403 Error Response Handler
CVSS 8.8
CVE-2016-10788 HIGH
cPanel 11.54.0.0-11.54.0.33 - Remote Code Execution via Maketext in PostgreSQL adminbin
CVSS 8.8
CVE-2016-10787 HIGH
cPanel 11.54.0.0-11.54.0.33 - Improper Input Validation in Host Access Control
CVSS 8.1
CVE-2016-10775 MEDIUM
cPanel 11.54.0.0-11.54.0.33 - Arbitrary File Chown via reassign_post_terminate_cruft
CVSS 6.5
Details
Vulnerabilities 12,622
Exploit Likelihood High