CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,643 vulnerabilities with CWE-20
CVE-2008-4283
IBM WebSphere Application Server < 5.1.1.19 - HTTP Response Splitting via CRLF Injection
CVE-2008-4559
HP OpenView Network Node Manager 7.01, 7.51, 7.53 - Remote Code Execution via Shell Metacharacters in CGI Arguments
CVE-2008-6084
Iamma Simple Gallery <=2.0 - Unauthenticated Arbitrary File Upload RCE via pages/download.php
CVE-2008-6058
syslserve <= 1.058 - Denial of Service via Crafted UDP Syslog Packet
CVE-2008-5966
globsy < 1.0 - Arbitrary File Write via globsy_edit.php
CVE-2008-5963
Gravity GTD <0.4.5 - Code Injection
CVE-2008-5937
AyeView 2.20 - Denial of Service via Malformed Bitmap File
CVE-2008-3864
Trend Micro OfficeScan <8.0 SP1 Patch 1 - DoS
CVE-2008-4388
Symantec AppStream Client < 5.2.2 SP3 MP1 - Remote Code Execution via LaunchObj ActiveX Control
CVE-2008-4770
RealVNC VNC Free 4.0-4.1.2, Enterprise E4.0-E4.4.2, Personal P4.0-P4.4.2 - RCE via RFB Protocol
CVE-2008-4444
Cisco Unified IP Phone 7940G and 7960G - Denial of Service or Remote Code Execution via Malformed RTP Packet Headers
CVE-2008-3818
Cisco ONS 7.0.2-7.0.6 7.2.2 8.0.x 8.5.1 8.5.2 - Denial of Service via Crafted TCP Session
CVE-2008-5906
KTorrent < 3.1.4 - Remote Code Execution via Web Interface PHP Script Parameters
CVE-2008-5904
xrdp < 0.4.1 - Buffer Overflow via Crafted RDP Color Pointer PDU
CVE-2008-5887
phplist < 2.10.8 - Local File Inclusion
CVE-2008-5872
Nortel Multimedia Communication Server 5100 3.0.13 - Denial of Service via UFTP Message
CVE-2008-5870
FastStone Image Viewer 3.6 - Denial of Service via Malformed BMP Image
CVE-2008-5077
OpenSSL < 0.9.8h - Certificate Chain Validation Bypass via Malformed SSL/TLS Signature
CVE-2008-5826
Nokia 6131 NFC - Denial of Service via Malformed NDEF Record
CVE-2008-5810
Fujitsu-Siemens WebTransactions <7.1 - Command Injection
CVE-2008-5732
KafooeyBlog 1.55b - Unauthenticated Arbitrary File Upload via Image Upload
CVE-2008-5730
AIST NetCat <= 3.12 - CRLF Injection via Cookie and add.php
CVE-2008-5715
Firefox - Denial of Service via Long Location Hash String
CVE-2008-5712
KDE Konqueror 3.5.9 - Denial of Service via Long HTML Color Attribute
CVE-2008-5709
Avaya Communication Manager <3.1.4-5.0 - RCE
Details
Vulnerabilities 12,643
Exploit Likelihood High