The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,641 vulnerabilities with CWE-20
CVE-2009-5004
MEDIUM
Apache Qpid C++ - Denial of Service via Large Message with Digest-MD5 Mechanism
CVSS 6.5
CVE-2009-3614
LOW
liboping 1.3.2 - Arbitrary File Read
CVSS 3.3
CVE-2009-5050
HIGH
Konversation < 1.2.3 - Denial of Service
CVSS 7.5
CVE-2009-5158
MEDIUM
google-analyticator < 5.2.1 - Cross-Site Scripting via Google Analytics API Text
CVSS 6.1
CVE-2009-1197
MEDIUM
Apache jUDDI - Log Spoofing via uddiget.jsp Error Logging
CVSS 5.3
CVE-2009-5147
HIGH
Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 < 648, 2.1 < 2.1.8 - Arbitrary Library Loading via DL::dlopen
CVSS 7.3
CVE-2009-5136
Condor < 7.4.2 - Authenticated Denial of Service via WANT_SUSPEND Policy
CVE-2009-5135
Echo < 2.1.1 and 3.x < 3.0.b6 - XML External Entity Injection
CVE-2009-0905
IBM WebSphere MQ 6.0-6.0.2.7 and 7.0 - Privilege Escalation via Long Group Name Handling
CVE-2009-5056
OTRS < 2.4.0 - Authenticated Permission Bypass via Watched Tickets List
CVE-2009-5038
Cisco IOS < 15.0(1)XA - Denial of Service via IRC Traffic Handling
CVE-2009-5020
awstats < 6.95 - Open Redirect
CVE-2009-4921
Cisco ASA 5580 < 8.1(2) - Denial of Service via Malformed TCP Packets
CVE-2009-4918
Cisco ASA 5580 < 8.1(2) - Denial of Service via Malformed NAT-T Packets
CVE-2009-4854
TalkBack 2.3.14 - Remote Code Execution via Import.php Result Parameter
CVE-2009-4847
Deliantra < 2.82 - Authenticated Denial of Service via Empty Treasure List
CVE-2009-4833
MySQL Connector/NET < 6.0.3 - Man-in-the-Middle Attack via Spoofed SSL Certificate
CVE-2009-4810
Samhain < 2.5.4 - Unauthenticated Authentication Bypass via SRP Zero Value
CVE-2009-4788
Pligg CMS < 1.0.2 - Open Redirect via Return Parameter or HTTP Referer Header
CVE-2009-4771
Drupal Ubercart PayPal Payments - Order Validation Duplicate Actions
CVE-2009-3245
OpenSSL < 0.9.8m - Denial of Service via NULL Return Value in bn_wexpand
CVE-2009-4658
Xerver 4.32 - Authenticated Denial of Service via Non-Numeric Web Port Assignment
CVE-2009-2624
gzip < 1.3.13 - Denial of Service via Crafted Archive
CVE-2009-4611
Jetty 6.x-6.1.22 and 7.0.0 - Terminal Emulator Escape Sequence Injection via HTTP Request
CVE-2009-4496
Boa 0.94.14rc21 - Remote Command Execution via Terminal Emulator Escape Sequence
Details
Vulnerabilities
12,641
Exploit Likelihood
High