The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,641 vulnerabilities with CWE-20
CVE-2009-4495
Yaws 1.85 - Terminal Emulator Escape Sequence Injection via HTTP Request
CVE-2009-4494
AOLserver 4.5.1 - Terminal Emulator Escape Sequence Injection via HTTP Request
CVE-2009-4493
Orion Application Server 2.0.7 - Code Injection
CVE-2009-4491
CRITICAL
thttpd 2.25b0 - Remote Code Execution via Terminal Emulator Escape Sequence
CVSS 9.8
CVE-2009-4490
mini_httpd 1.19 - Remote Command Execution via Terminal Emulator Escape Sequence
CVE-2009-4489
Cherokee < 0.99.31 - Remote Code Execution via Terminal Emulator Escape Sequence
CVE-2009-4488
CRITICAL
Varnish 2.0.6 - Terminal Emulator Escape Sequence Injection via Log File
CVSS 9.8
CVE-2009-4537
Linux Kernel < 2.6.32.3 - Denial of Service via Crafted Ethernet Frame Size in r8169 Driver
CVE-2009-4546
Logoshows BBS 2.0 - Authentication Bypass via Cookie Manipulation
CVE-2009-4467
DeluxeBB 1.3 - Improper Input Validation in Email Verification
CVE-2009-4445
Internet Information Services < 6.0 - Arbitrary File Creation via NTFS Alternate Data Stream Filename Syntax
CVE-2009-4137
Matomo < 0.5 - Remote Code Execution via Cookie Unserialize
CVE-2009-3305
Polipo 1.0.4 - Denial of Service via Cache-Control Header Parsing
CVE-2009-4372
AlienVault OSSIM < 2.1.5-4 - Remote Command Execution via UniqueID Parameter
CVE-2009-4327
IBM DB2 9.5-9.7 - Denial of Service via Memory Pool Size Validation
CVE-2009-4325
IBM DB2 <8.2 FP18, <9.1 FP8, <9.5 FP5, <9.7 FP1 - Memory Corruption
CVE-2009-4321
Zen Cart <1.3.8-1.3.8a - Info Disclosure
CVE-2009-2509
Microsoft Windows Server <2003 SP2 & 2008 - RCE
CVE-2009-4224
SweetRice < 0.5.4 - Remote File Inclusion via root_dir Parameter
CVE-2009-4114
Kaspersky Anti-Virus <9.0.0.736 - DoS
CVE-2009-4028
MySQL <5.0.88, <5.1.41 - Man-in-the-Middle
CVE-2009-4106
Agoko CMS < 0.4 - Unauthenticated Arbitrary File Upload via admintools/editpage-2.php
CVE-2009-4105
TYPSoft FTP Server 1.10 - Authenticated Denial of Service via APPE and DELE Command Sequence
CVE-2009-4102
Sage <1.4.3 - Remote Code Execution
CVE-2009-4101
infoRSS < 1.1.4.2 - Remote Code Execution and Cross-Domain Scripting via RSS Feed Description Tag
Details
Vulnerabilities
12,641
Exploit Likelihood
High