The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,638 vulnerabilities with CWE-20
CVE-2012-4096
Cisco Unified Computing System - Privilege Escalation via Local File Editor
CVE-2012-4092
Cisco Unified Computing System - Man-in-the-Middle Attack via vCenter Console Identity Spoofing
CVE-2012-4079
Cisco Unified Computing System - Denial of Service via Malformed XML Document
CVE-2012-4089
Cisco Unified Computing System - Unauthenticated Arbitrary BMC Command Execution via MCTOOLS
CVE-2012-4087
Cisco Unified Computing System - Remote Code Execution via Fabric Interconnect Cluster Setup Script
CVE-2012-4085
Cisco Unified Computing System - Username Enumeration via IPMI Interface
CVE-2012-5338
JForum 2.1.9 - Open Redirect via returnPath Parameter
CVE-2012-4082
Cisco Unified Computing System - Privilege Escalation via MCTools Command-Line Parameters
CVE-2012-4093
Cisco Unified Computing System Manager - Denial of Service via Invalid Smart Call Home Contact Address
CVE-2012-4072
Cisco Unified Computing System - Man-in-the-Middle Attack via Hardcoded X.509 Certificate
CVE-2012-6087
Moodle < 2.2.11, 2.3.x < 2.3.9, 2.4.x < 2.4.6, 2.5.x < 2.5.2 - SSL Certificate Hostname Validation Bypass
CVE-2012-6597
Palo Alto Networks PAN-OS < 3.1.11 and 4.0.x < 4.0.9 - Authenticated Denial of Service via Command-Line Interface
CVE-2012-6567
REDCap < 4.13.18 - Authenticated Remote Code Execution via Custom Rule Shell Metacharacters
CVE-2012-3544
Apache Tomcat 6.x < 6.0.37 and 7.x < 7.0.30 - Denial of Service via Chunked Transfer Coding
CVE-2012-6399
Cisco WebEx 4.1 on iOS - SSL Certificate Hostname Validation Bypass
CVE-2012-6560
FreeNAC 3.02 - SQL Injection via Device Add Status Parameter
CVE-2012-6554
activeCollab Chat Module < 1.5.2 - Authenticated Remote Code Execution via Message Text Parameter
CVE-2012-4695
Rockwell Automation RSLinx Enterprise <CPR9-SR6 - DoS
CVE-2012-4710
Invensys Wonderware Win-XML Exporter 1522.148.0.0 - XML External Entity Injection
CVE-2012-4462
Condor - Denial of Service via Square Brackets in cproc Option
CVE-2012-3411
dnsmasq < 2.63test1 - Denial of Service via Spoofed DNS Query
CVE-2012-4858
IBM Cognos BI <8.4.1-10.2 - Code Injection
CVE-2012-6073
Jenkins Open Redirect (1.491, LTS 1.480.1, Enterprise 1.424.6.13/1.447.4.1/1.466.10.1)
CVE-2012-6072
Jenkins < 1.491 - CRLF Injection and HTTP Response Splitting
CVE-2012-5647
Red Hat OpenShift Origin <1.0.5.3 - Open Redirect
Details
Vulnerabilities
12,638
Exploit Likelihood
High