CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,643 vulnerabilities with CWE-20
CVE-2008-6568
Yehe 2.0 - Remote Code Execution via Unrestricted File Upload in Envoyeur Feature
CVE-2008-6559
SCO ReliantHA 1.1.4 - Local Privilege Escalation via mcd -d Argument
CVE-2008-6558
SCO UnixWare 7.1.4 ReliantHA - Privilege Escalation via RELIANT_PATH Environment Variable
CVE-2008-6557
Puppet Master WebUtil 2.7 - Remote Command Execution via Shell Metacharacters in Details Command
CVE-2008-6556
Puppet Master WebUtil 2.3 - Remote Command Execution via Whois Command Shell Metacharacters
CVE-2008-6555
Puppet Master WebUtil - Remote Command Execution via Dig Command Shell Metacharacters
CVE-2008-6547
FormEncode 1.0 - Improper Input Validation via Chained Validators Bypass
CVE-2008-6541
DotNetNuke < 4.8.2 - Authenticated Arbitrary File Upload via File Manager Module
CVE-2008-6538
DeStar 0.2.2-5 - Unauthenticated Arbitrary User Addition via Direct Request
CVE-2008-6534
NULL FTP Server Free and Pro 1.1.0.7 - Authenticated Command Injection via SITE Command
CVE-2008-6528
TmaxSoft JEUS 5 - Unauthenticated Source Code Disclosure via NTFS Alternate Data Stream
CVE-2008-6511
Openfire < 3.6.0a - Open Redirect via login.jsp url Parameter
CVE-2008-6504
OpenSymphony XWork 2.0.x < 2.0.6 and 2.1.x < 2.1.2 - Remote Code Execution via OGNL Context Object Reference
CVE-2008-6497
Neostrada Livebox ADSL Router - Denial of Service via Multiple HTTP Requests for /- URI
CVE-2008-6492
Tizag Countdown Creator 3 - Unauthenticated Arbitrary File Upload via index.php
CVE-2008-6490
FLABER < 1.1 - Arbitrary File Write via update_xml.php target_file Parameter
CVE-2008-6367
Social Groupie - Authenticated Arbitrary File Upload via Photos/create_album.php
CVE-2008-6298
sISAPILocation < 1.0.2.2 - Access Restriction Bypass via HTTP Header Rewrite Function
CVE-2008-6207
PHPG Upload 1.0 - Authenticated Arbitrary File Upload via form_upload.php
CVE-2008-6185
NoticeWare Email Server NG 5.1.2.2 - Denial of Service via Long POP3 PASS Command
CVE-2008-6175
SilverSHielD 1.0.2.34 - Denial of Service via SFTP Opendir Command
CVE-2008-6171
Drupal 5.x < 5.12 and 6.x < 6.6 - Remote Code Execution via HTTP Host Header
CVE-2008-6122
Netgear WGR614v9 - Denial of Service via Question Mark in Request
CVE-2008-6121
SocialEngine < 2.7 - CRLF Injection via PHPSESSID Cookie
CVE-2008-6119
Goople CMS 1.7 - Static Code Injection via Username and Password Parameters
Details
Vulnerabilities 12,643
Exploit Likelihood High