CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2010-2892
LANDesk Management Gateway <4.0-1.48 & <4.2-1.8 - Command Injection
CVE-2010-3870
PHP < 5.2.14 - Cross-Site Scripting and SQL Injection Protection Bypass via utf8_decode
CVE-2010-4156
Libmbfl 1.1.0 - Information Disclosure via mb_strcut Length Parameter
CVE-2010-2732
Microsoft Forefront UAG - Open Redirect
CVE-2010-0786
IBM WebSphere Application Server 7.0 - Denial of Service via JAX-WS Request
CVE-2010-3709
PHP 5.2.0-5.2.14 and 5.3.0-5.3.3 - Denial of Service via ZipArchive::getArchiveComment
CVE-2010-4199 HIGH
Google Chrome < 7.0.517.44 - Denial of Service via SVG Use Element Processing
CVSS 8.8
CVE-2010-4198 HIGH
Google Chrome < 7.0.517.44 - Memory Corruption via Large Text Area Handling
CVSS 8.8
CVE-2010-3704
poppler - Denial of Service and Possible Remote Code Execution via Crafted PostScript Type1 Font
CVE-2010-3703
poppler - Denial of Service via Uninitialized Pointer Dereference in PostScriptFunction
CVE-2010-3933
Ruby on Rails 2.3.9 and 3.0.0 - Arbitrary Record Modification via Nested Attributes Parameter Manipulation
CVE-2010-3711
Pidgin < 2.7.4 - Authenticated Denial of Service via Crafted Message
CVE-2010-4099
NitroSecurity NitroView ESM 8.4.0a - Remote Command Execution via Request Parameter
CVE-2010-3491
TIBCO ActiveMatrix <2.3.1-5.8.1 - RCE
CVE-2010-4068
TYPO3 4.2.x-4.2.14, 4.3.x-4.3.6, 4.4.x-4.4.3 - Authenticated Arbitrary File Read and Write via Extension Manager
CVE-2010-3716
TYPO3 4.2.x-4.3.x - Authenticated Privilege Escalation via be_user_creation Task
CVE-2010-4049
Opera < 10.63 - Denial of Service via Flash Transparent Window Mode Handling
CVE-2010-4048
Opera < 10.63 - Denial of Service via Redirect During File Save
CVE-2010-4044
Opera < 10.63 - URL Spoofing via Window Size Manipulation
CVE-2010-4042 CRITICAL
Google Chrome < 7.0.517.41 - Denial of Service via Stale Element Handling
CVSS 9.8
CVE-2010-4040 HIGH
Google Chrome < 7.0.517.41 - Memory Corruption via Crafted Animated GIF Image
CVSS 7.8
CVE-2010-4036
Google Chrome < 7.0.517.41 - URL Spoofing via Page Unloading
CVE-2010-4035
Google Chrome < 7.0.517.41 - Denial of Service via Autofill Form Handling
CVE-2010-4034
Google Chrome < 7.0.517.41 - Denial of Service via Crafted HTML Form Handling
CVE-2010-3350
bareFTP 0.3.4 - Privilege Escalation
Details
Vulnerabilities 12,638
Exploit Likelihood High