The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,655 vulnerabilities with CWE-20
CVE-2007-5282
Hitachi Cosminexus Agent 03-00-03-05 & Library Standard/Web Edition 04-00-04-01 - DoS via Invalid Client Data
CVE-2007-5283
Hitachi TPBroker Object Transaction Monitor 01-00-03-00 - Denial of Service via Invalid Messages
CVE-2007-5275
Adobe Shockwave Player - DNS Rebinding Attack via Flash Socket Class
CVE-2007-4924
Ekiga < 2.0.10 and OpenH323 < 2.2.4 - Denial of Service via Invalid SIP Content-Length Header
CVE-2007-5269
libpng <1.0.29 and 1.2.x <1.2.21 - Denial of Service via Crafted PNG Chunk Handling
CVE-2007-5253
Cart32 < 6.3 - Arbitrary File Read via ImageName Parameter
CVE-2007-5258
phpFreeLog alpha 0.2.0 - Remote File Inclusion via log.php
CVE-2007-5231
Zomplog <= 3.8.1 - Authenticated Arbitrary File Upload via admin/upload_files.php
CVE-2007-5226
dircproxy < 1.2.0 - Denial of Service via NULL Pointer Dereference in ACTION Command
CVE-2007-5155
ICEOWS 4.20b - Remote Code Execution via Long Filename in ACE Archive Header
CVE-2007-5168
ClanLite 1.23.01.2005 - Remote File Inclusion via root_path Parameter
CVE-2007-4671
Safari - HTTPS Content Manipulation via JavaScript Injection
CVE-2007-3753
Apple iPhone 1.1.1 - Remote Code Execution and Denial of Service via Crafted SDP Packets
CVE-2007-3755
iPhone 1.1.1 - Unauthenticated Arbitrary Phone Call via tel: Link
CVE-2007-3757
Safari - Spoofed Telephone Number Display via Crafted tel: Link
CVE-2007-5128
SimpNews 2.41.03 - Information Disclosure via link_date Parameter
CVE-2007-5130
SimpGB 1.46.02 - Information Disclosure via Invalid Lang Parameter or Direct Trailer.php Request
CVE-2007-4993
Xen 3.0.3 - Authenticated Remote Code Execution via Crafted grub.conf File
CVE-2007-5119
JSPWiki 2.4.103 and 2.5.139-beta - Information Disclosure via Invalid Version Parameter
CVE-2007-5095
Windows Media Player 9 - Unauthenticated Remote Code Execution via HTMLView Parameter in ASX Files
CVE-2007-5086
Kaspersky Anti-Virus and Internet Security 7.0 build 125 - Denial of Service via SSDT Hook Parameter Validation
CVE-2007-5066
Webmin < 1.360 - Authenticated Remote Command Execution
CVE-2007-5035
openEngine 1.9 beta1 - Remote File Inclusion via this_module_path Parameter
CVE-2007-5036
AirDefense Airsensor M520 4.3.1.1 and 4.4.1.4 - Authenticated Denial of Service via Crafted HTTPS Query String
CVE-2007-5039
Ghost Security Suite beta 1.110 - Denial of Service via SSDT Hook Parameter Validation
Details
Vulnerabilities
12,655
Exploit Likelihood
High