CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,642 vulnerabilities with CWE-20
CVE-2009-1761
CA ARCserve Backup r12.0 and r12.0 SP1 - Denial of Service via Invalid Message Handling
CVE-2009-2044
Firefox < 3.0.10 - Denial of Service via Large GIF Image in BODY BACKGROUND Attribute
CVE-2009-2043
Firefox 3.0.2-3.0.10 - Denial of Service via TinyMCE Interaction
CVE-2009-1834
Firefox < 3.0.11 - Location Bar Spoofing via Invalid Unicode IDN Characters
CVE-2009-1126
Microsoft Windows 2000 SP4, XP SP2-SP3, Server 2003 SP2 - Privilege Escalation via Desktop Parameter Edit
CVE-2009-1125
Microsoft Windows 2000 - Improper Input Validation
CVE-2009-1124
Microsoft Windows - Local Privilege Escalation via Kernel Pointer Validation
CVE-2009-1697
Apple Safari < 4.0 - CRLF Injection and Same Origin Policy Bypass via HTTP Header Injection
CVE-2009-1686
Apple Safari < 4.0 - Remote Code Execution via JavaScript Exception Handling
CVE-2009-0033
Apache Tomcat 4.1.0-4.1.39, 5.5.0-5.5.27, 6.0.0-6.0.18 - Denial of Service via Malformed HTTP Host Header
CVE-2009-1914
Linux Kernel < 2.6.29 - Denial of Service via Uninitialized Pointer in pci_register_iommu_region
CVE-2009-1824
ArcaBit ArcaVir 2009 - Local Privilege Escalation via ps_drv.sys IOCTL Requests
CVE-2009-1784
AVG Anti-Virus < 8.0.156 - Malware Detection Bypass via Crafted RAR and ZIP Archives
CVE-2009-1783
F-Prot Antivirus - Malware Detection Bypass via Crafted CAB Archive
CVE-2009-1777
Matt Wright FormMail 1.92 - CRLF Injection via Redirect Parameter
CVE-2009-1773
activeCollab 2.1 Corporate - Information Disclosure via Invalid re_route Parameter
CVE-2009-1739
PAD Site Scripts 3.6 - Unauthenticated Privilege Escalation via Authuser Cookie
CVE-2009-1669
Smarty 2.6.22 - Remote Code Execution via Math Function Equation Attribute
CVE-2009-1668
TYPSoft FTP Server 1.11 - Denial of Service via ABOR Command
CVE-2009-0943
Apple Mac OS X 10.4.11 and 10.5 < 10.5.7 - Remote Code Execution via Help Viewer help: URL
CVE-2009-0942
Apple Mac OS X 10.4.11 and 10.5 < 10.5.7 - Remote Code Execution via Help Viewer CSS Handling
CVE-2009-0161
Apple Mac OS X 10.5 - OCSP Certificate Validation Spoofing via Revoked Certificate
CVE-2009-0156
Apple Mac OS X 10.4.11 and 10.5 < 10.5.7 - Denial of Service via Crafted Mach-O Executable
CVE-2009-1609
Battle Blog 1.25 - Unauthenticated Arbitrary File Upload via admin/uploadform.asp
CVE-2009-1525
DirectAdmin < 1.33.4 - Authenticated Privilege Escalation via Shell Metacharacters in Restore Name Parameter
Details
Vulnerabilities 12,642
Exploit Likelihood High