CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,642 vulnerabilities with CWE-20
CVE-2009-3591
Dopewars 1.5.12 - Denial of Service via Invalid REQUESTJET Message
CVE-2009-3545
DataWizard Technologies FtpXQ FTP Server 3.0 - Authenticated Denial of Service via Long ABOR Command
CVE-2009-3523
avast! Home and Professional < 4.8.1356 - Local Privilege Escalation via IOCTL Input Validation
CVE-2009-3448
BakBone NetVault Backup 8.22 Build 29 - Denial of Service via Large Size Field in TCP/UDP Port 20031
CVE-2009-3291
PHP < 5.2.11 - Certificate Validation Bypass in OpenSSL Verification Policy
CVE-2009-3287
Thin < 1.2.4 - IP Address Spoofing via X-Forwarded-For Header
CVE-2009-3271
Apple Safari on iPhone OS 3.0.1 - Denial of Service via Long tel: URL in IFRAME SRC Attribute
CVE-2009-3250
vtiger CRM 5.0.4 - Authenticated Remote Code Execution via Compose Mail Attachment Filename
CVE-2009-3078
Firefox < 3.0.14 and 3.5.x < 3.5.3 - URL Spoofing via Unicode Character Line-Height Manipulation
CVE-2009-3115
SolarWinds TFTP Server <= 9.2.0.111 - Denial of Service via Crafted OACK Request
CVE-2009-3102
Zmanda Recovery Manager for MySQL 2.x - Remote Code Execution via Crafted MYSQL_BINPATH Variable
CVE-2009-3084
Pidgin < 2.6.1 - Denial of Service via MSN Protocol Ink Message Handling
CVE-2009-3048
Opera < 10.00 - Unintended File Upload via Dropped File
CVE-2009-2700
Nokia Trolltech Qt 4.x - Man-in-the-Middle Attack
CVE-2009-2955
Google Chrome <= 1.0.154.48 - Denial of Service via Long Location Hash String
CVE-2009-2954
Microsoft Internet Explorer < 6.0.2900.2180 - Denial of Service via Long Location Hash
CVE-2009-2918
TheGreenBow IPSec VPN Client 4.61.003 - Denial of Service via tgbvpn.sys IOCTL 0x80000034
CVE-2009-2055 MEDIUM KEV
Cisco IOS XR 3.4.0-3.8.1 - Denial of Service via Invalid BGP UPDATE Attribute
CVSS 5.9
CVE-2009-0682
CA Internet Security Suite r3-r5 - Denial of Service via IOCTL Call Verification
CVE-2009-2855
Squid 2.7 - Denial of Service via Crafted Auth Header Comma Delimiters
CVE-2009-2852
WP-Syntax < 0.9.1 - Remote Code Execution via test_filter[wp_head] Parameter
CVE-2009-2765
DD-WRT < 24 - Remote Code Execution via CGI-BIN URI Shell Metacharacters
CVE-2009-1536
Microsoft .NET Framework 2.0 SP1/SP2 and 3.5 Gold/SP1 - Unauthenticated Denial of Service via Crafted HTTP Requests
CVE-2009-2715
Sun VirtualBox 2.2-3.0.2 - Denial of Service via sysenter Instruction
CVE-2009-2687
PHP < 5.2.10 - Denial of Service via Malformed JPEG Image in Exif Module
Details
Vulnerabilities 12,642
Exploit Likelihood High