The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,655 vulnerabilities with CWE-20
CVE-2008-0386
xdg-utils < 1.0.2 - Remote Code Execution via URL Argument to xdg-open or xdg-email
CVE-2008-0506
Coppermine Photo Gallery < 1.4.14 - Remote Code Execution via ImageMagick Picture Processing Parameters
CVE-2008-0473
Web Wiz Rich Text Editor 4.0 - Unauthenticated Arbitrary File Upload via RTE_popup_save_file.asp
CVE-2008-0475
ManageEngine Applications Manager 8.1 build 8100 - Information Disclosure via Invalid URI Handling
CVE-2008-0008
PulseAudio 0.9.8-0.9.9 - Privilege Escalation
CVE-2008-0406
HTTP File Server < 2.2b - Denial of Service via Long Account Name
CVE-2008-0373
PHP F1 Max's File Uploader - Unrestricted File Upload
CVE-2008-0171
Boost.Regex 1.33-1.34 - Denial of Service via Invalid Regular Expression
CVE-2008-0172
Boost 1.33-1.34 - Denial of Service via Invalid Regular Expression
CVE-2008-0331
Funkwerk System Software < 7.4.1_patch_8 - Denial of Service via DNS Requests
CVE-2008-0298
Safari 2.x - Denial of Service via Crafted Web Page
CVE-2008-0260
minimal Gallery 0.8 - Information Exposure via php_info.php
CVE-2008-0264
Drupal Meta Tags Module < 5.x-1.6 - Authenticated Remote Code Execution
CVE-2008-0277
Drupal Fileshare Module - Authenticated Remote Code Execution
CVE-2008-0244
SAP MaxDB < 7.6.3_build_007 - Remote Command Execution via Shell Metacharacters in exec_sdbinfo
CVE-2008-0251
PhotoPost vBGallery < 2.4.1 - Unauthenticated Arbitrary File Upload
CVE-2008-0241
Sun Java System Identity Manager 6.0 SP1-SP3, 7.0, 7.1 - Open Redirect via nextPage Parameter
CVE-2008-0237
Microsoft Rich Textbox Control - Remote Code Execution via SaveFile Method
CVE-2008-0199
PRO-Search < 0.16 - Denial of Service via show_page and time Parameters
CVE-2008-0209
Snitz Forums 2000 < 3.4.06 - Open Redirect via Login Target Parameter
CVE-2008-0097
Georgia SoftWorks SSH2 Server < 7.01.0003 - Remote Code Execution via Format String in Username Field
CVE-2008-0101
white_dune < 0.29beta791 - Remote Code Execution via Format String in .WRL File
CVE-2007-6763
HIGH
SAS Drug Development < 32drg02 - Unauthenticated Resource Access via Browser Back Button
CVSS 8.8
CVE-2007-6746
telepathy-idle <0.1.15 - Man-in-the-Middle
CVE-2007-6739
pyftpdlib < 0.2.0 - Denial of Service via Long Command
Details
Vulnerabilities
12,655
Exploit Likelihood
High