The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,642 vulnerabilities with CWE-20
CVE-2009-1491
McAfee GroupShield - Virus Detection Bypass via X-Header Injection
CVE-2009-1432
Symantec AntiVirus Corporate Edition < 10.1 MR8 and 10.2 < MR2 - Arbitrary Text Injection via Login Screen URL Handling
CVE-2009-1348
McAfee Active Virus Defense - Virus Detection Bypass via Malformed Archive Headers
CVE-2009-1446
Elkagroup Image Gallery 1.0 - Authenticated Arbitrary File Upload via upload.php
CVE-2009-1436
FreeBSD 6.3-7.2-PRERELEASE - Information Disclosure via Uninitialized Memory in db Interface
CVE-2009-1189
Freedesktop Dbus < 1.2.3 - Improper Input Validation
CVE-2009-0164
CUPS < 1.3.10 - DNS Rebinding via HTTP Host Header
CVE-2009-1357
Sun Java System Delegated Administrator 6.2-6.4 - HTTP Response Splitting via HELP_PAGE Parameter
CVE-2009-0800
Xpdf 3.02pl2 and earlier - Remote Code Execution via JBIG2 Decoder Input Validation Flaws
CVE-2009-1371
ClamAV < 0.95.1 - Denial of Service via Malformed UPack File
CVE-2009-1369
moziloCMS 1.11 - Information Disclosure via Error Message Path Exposure
CVE-2009-1361
GScripts.net DNS Tools - Remote Command Execution via dig.php Host Parameter
CVE-2009-1307
Firefox < 3.0.9 - Same Origin Policy Bypass via view-source: URI
CVE-2009-1336
Linux Kernel < 2.6.23 - Denial of Service via Long NFS Filename
CVE-2009-1350
Novell NetIdentity Client < 1.2.4 - Remote Code Execution via XTIERRPCPIPE Named Pipe
CVE-2009-1300
Advanced Package Tool - Denial of Service via Invalid Date Handling
CVE-2009-0681
PGP Desktop < 9.10 - Denial of Service and Arbitrary Code Execution via IOCTL Requests
CVE-2009-0089
Windows HTTP Services - Certificate Validation Bypass via DNS Spoofing
CVE-2009-0088
Microsoft Office Converter Pack - Remote Code Execution via WordPerfect 6.x File Parsing
CVE-2009-1268
Wireshark 0.9.6-1.0.6 - Denial of Service via Crafted FWHA_MY_STATE Packet
CVE-2009-0793
LittleCMS 1.18 - Denial of Service via Monochrome Profile Transformation
CVE-2009-1254
James Stone Tunapie 2.1 - Remote Command Execution via Stream URL
CVE-2009-1272
PHP 5.2.x - Denial of Service via ZIP Filename Relative Path Handling
CVE-2009-1242
Linux Kernel < 2.6.29.1 - Denial of Service via EFER_LME Bit in VMX Implementation
CVE-2009-1234
Opera Browser 9.52 and 9.64 - Denial of Service via Malformed XML Document
Details
Vulnerabilities
12,642
Exploit Likelihood
High