CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,669 vulnerabilities with CWE-20
CVE-2007-4964
WinImage <= 8.10 - Denial of Service via Invalid BPB_BytsPerSec Field
CVE-2007-4925
eWire Payment Client 1.60 and 1.70 - Remote Command Execution via PaymentInfo Parameter
CVE-2007-4927
AXIS 207W Network Camera - Authenticated Denial of Service via buffername Parameter
CVE-2007-4932
Shop-Script < 2.0 - Unauthenticated Admin Panel Access via Improper Redirect Handling
CVE-2007-3654
NetBSD 3.0-4.0_BETA2 - Denial of Service via Display Driver Allocattr Ioctl
CVE-2007-3731
Linux Kernel 2.6.20-2.6.21 - Denial of Service via Invalid LDT Segment Selector in PTRACE_SINGLESTEP
CVE-2007-4911
JetCast Server 2.0.0.4308 - Denial of Service via Long .mp3 URI
CVE-2007-4914
Invision Power Board < 2.3.1 - Authenticated Privilege Escalation via Payment Form Member ID Manipulation
CVE-2007-4915
Boa Webserver 0.93.15 - Remote Admin Password Change via Long Username in HTTP Basic Authentication
CVE-2007-4905
AuraCMS 2.1 - Unauthenticated Arbitrary File Upload via mod/contak.php Image Parameter
CVE-2007-4887
PHP < 5.2.4 - Denial of Service via Long String in dl Function Library Parameter
CVE-2007-4840
PHP < 5.2.4 - Denial of Service via Long String in Iconv Charset Parameter
CVE-2007-4841
Mozilla Firefox/Thunderbird < 2.0.0.8, SeaMonkey < 1.1.5 - Remote Command Execution
CVE-2007-4844
X-Diesel Unreal Commander 0.92 build 565 and 573 - Denial of Service via FTP CWD Command Handling
CVE-2007-4752
OpenSSH < 4.7 - Privilege Escalation via Untrusted X11 Cookie Handling
CVE-2007-4780
Joomla! 1.5 before RC2 - Information Disclosure via tmpl/ Directory Requests
CVE-2007-4781
Joomla! 1.5 Beta1-1.5 RC1 - Authenticated Arbitrary File Upload via Installer Component
CVE-2007-4783
PHP < 5.2.4 - Denial of Service via iconv_substr Function
CVE-2007-4784
PHP < 5.2.3 - Denial of Service via Long Locale Parameter in setlocale
CVE-2007-4787
Sophos Anti-Virus < 2.49.0 - Malware Detection Bypass via Malformed CAB, LZH, or RAR Headers
CVE-2007-3912
debian-goodies < 0.34 - Privilege Escalation via Shell Metacharacters in Executable Name
CVE-2007-4757
phpmytourney - Remote File Inclusion via menu.php functions_file Parameter
CVE-2007-4761
Barbo91 1.1 - Unauthenticated Arbitrary File Upload
CVE-2007-4755
Alien Arena 2007 <= 6.10 - Denial of Service via Forged Server Packet
CVE-2007-3913
Gforge < 3.0 - SQL Injection
Details
Vulnerabilities 12,669
Exploit Likelihood High