CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2013-4811
HP Identity Driven Manager 4.0 - Remote Code Execution via SNAC UpdateDomainControllerServlet
CVE-2013-4812
HP Identity Driven Manager 4.0 - Remote Code Execution via UpdateCertificatesServlet File Upload
CVE-2013-2897
Linux Kernel < 3.11 - Denial of Service via HID Multitouch Driver Array Index Errors
CVE-2013-2898
Linux Kernel <3.11 - Info Disclosure
CVE-2013-2888
Linux Kernel < 3.11 - Arbitrary Code Execution via HID Report ID Index Error
CVE-2013-5493
Cisco Virtualization Experience Client 6000 - Privilege Escalation
CVE-2013-5738
WordPress < 3.6.1 - Authenticated Cross-Site Scripting via HTML File Upload
CVE-2013-4339
WordPress < 3.6.1 - Open Redirect via URL Validation Bypass
CVE-2013-5488
Cisco Prime LAN Management Solution - Denial of Service via ActiveMQ TCP Session Handling
CVE-2013-3446
Cisco Digital Media Manager - Open Redirect via Login Page
CVE-2013-3036
IBM Rational Requirements Composer <4.0.4 - Open Redirect
CVE-2013-3868
Active Directory Lightweight Directory Service - Denial of Service via Crafted LDAP Query
CVE-2013-3159
Microsoft Excel 2003/2007/2010 XML External Entity Injection
CVE-2013-1330
Microsoft SharePoint Portal Server <2010 - Code Injection
CVE-2013-0081
Microsoft SharePoint - Denial of Service via Unassigned Workflow Processing
CVE-2013-4283
389 Directory Server < 1.3.0.8 - Denial of Service via Crafted DN in MOD Operation
CVE-2013-5716
Gretech GOM Media Player 2.2.53.5169 - Denial of Service via Crafted WAV File
CVE-2013-5642
Asterisk 1.8.x < 1.8.23.1, 10.x < 10.12.3, 11.x < 11.5.1 - Denial of Service via Invalid SDP in SIP Request
CVE-2013-2992
IBM WebSphere Commerce 7.0 FP4-FP6 - Denial of Service via Search Component Query
CVE-2013-3609
Supermicro IPMI - Authenticated Privilege Escalation via PrivilegeCallBack Function
CVE-2013-3608
Supermicro IPMI - Authenticated Remote Command Execution via Shell Metacharacters in Web Interface
CVE-2013-3600
Coursemill Learning Management System 6.6 - Authenticated Privilege Escalation via Userid Parameter
CVE-2013-3599
Coursemill Learning Management System 6.6 and 6.8 - Privilege Escalation via User-Role Parameter
CVE-2013-3277
EMC RSA Archer GRC <5.4 - Open Redirect
CVE-2013-1648
Open-Xchange Server < 6.20.7 rev14, 6.22.0 < rev13, 6.22.1 < rev14 - SSRF via Subscriptions Source Field
Details
Vulnerabilities 12,638
Exploit Likelihood High