The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,638 vulnerabilities with CWE-20
CVE-2012-0152
Windows 7 and Windows Server 2008 - Denial of Service via Remote Desktop Protocol
CVE-2012-1472
VMware vCenter Chargeback Manager < 2.0.1 - Arbitrary File Read and Denial of Service via XML API Requests
CVE-2012-0584
Apple Safari < 5.1.4 - Domain Spoofing via IDN Homoglyphs
CVE-2012-0641
iPhone OS < 5.1 - Information Disclosure via Malformed URL Parsing
CVE-2012-0292
Symantec pcAnywhere <= 12.5.3 - Denial of Service via Crafted TCP Session
CVE-2012-0838
Apache Struts 2 < 2.2.3.1 - Remote Code Execution via OGNL Expression Evaluation
CVE-2012-0823
libvpx < 1.0.0 - Denial of Service via Corrupt Input or P-frame Decoding
CVE-2012-0291
Symantec pcAnywhere through 12.5.3 - Denial of Service via Malformed Data
CVE-2012-0865
CubeCart < 3.0.20 - Open Redirect via switch.php r Parameter or admin/login.php goto Parameter
CVE-2012-1198
Basic Analysis and Security Engine 1.4.5 - Remote Code Execution via File Upload
CVE-2012-1191
djbdns 1.05 - Ghost Domain Names via NS Record Cache Overwrite
CVE-2012-0149
Windows Server 2003 SP2 - Privilege Escalation via Ancillary Function Driver Input Validation
CVE-2012-0148
Windows 7 and Windows Server 2008 - Privilege Escalation via AfdPoll Input Validation
CVE-2012-0788
PHP < 5.3.9 - Denial of Service via PDORow and Session Interaction
CVE-2012-0831
PHP < 5.3.10 - SQL Injection via Environment Variable Import
CVE-2012-0840
Apache Portable Runtime < 1.4.5 - Denial of Service via Hash Collision
CVE-2012-1035
AdaCore Ada Web Services < 2.10.2 - Denial of Service via Hash Collision in Form Parameters
CVE-2012-0839
OCaml < 3.12.1 - Denial of Service via Hash Collision
CVE-2012-1008
OfficeSIP Server 3.1 - Denial of Service via Crafted SIP INVITE To Header
CVE-2012-1023
4images 1.7.10 - Open Redirect via Admin Index Redirect Parameter
CVE-2012-1010
AllWebMenus <1.1.8 - Code Injection
CVE-2012-0992
OpenEMR 4.1.0 - Authenticated Remote Code Execution via Fax Dispatch File Parameter
CVE-2012-0448
Bugzilla <3.4.14, <3.6.8, <4.0.4, <4.2rc2 - Info Disclosure
CVE-2012-0021
Apache HTTP Server 2.2.17-2.2.21 - Denial of Service via Malformed Cookie in mod_log_config
CVE-2012-0193
IBM WebSphere Application Server DoS via Form Parameter Hash Collisions
Details
Vulnerabilities
12,638
Exploit Likelihood
High