The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,669 vulnerabilities with CWE-20
CVE-2007-4744
AnyInventory 1.9.1 and 2.0 - Remote File Inclusion via DIR_PREFIX Parameter
CVE-2007-4732
Solaris 8-10 - Denial of Service via strfreectty NULL Pointer
CVE-2007-4738
SpeedTech PHP Library 0.8.0 - Remote File Inclusion via db_conf, ADODB_DIR, or STPHPLIB_DIR Parameter
CVE-2007-4742
Claroline < 1.8.5 - Authenticated Sensitive Information Exposure via Admin Users Sort Parameter
CVE-2007-4664
Firebird < 2.0.1 - Buffer Overflow in Database Attach and Create Functionality
CVE-2007-3998
PHP 4.0.0-4.4.7 - Denial of Service via wordwrap Function
CVE-2007-4635
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 - Denial of Service via File-Transfer Packet
CVE-2007-4636
phpBG 0.9.1 - Remote File Inclusion via rootdir Parameter
CVE-2007-2931
Microsoft MSN Messenger <7.5 - Buffer Overflow
CVE-2007-4467
Oracle JInitiator <= 1.1.8.25 - Remote Code Execution via Initialization Parameters
CVE-2007-4612
Dale Mooney Gallery - CRLF Injection via Contact Form Subject Parameter
CVE-2007-4221
Motorola Timbuktu Pro <8.6.5 - Buffer Overflow
CVE-2007-4561
Helix DNA Server <11.1.4 - Buffer Overflow
CVE-2007-4218
Trend Micro ServerProtect <5.58 SP4 - RCE
CVE-2007-4459
Cisco IP Phone 7940 and 7960 < 8.70 - Denial of Service via Malformed SIP Messages
CVE-2007-4216
vsdatant.sys 6.5.737.0 - Privilege Escalation
CVE-2007-4450
Toribash <2.71 - Protocol Violation
CVE-2007-4430
Cisco IOS 12.0-12.4 - Denial of Service via 'show ip bgp regexp' Command
CVE-2007-4391
Yahoo! Messenger 8.1.0.413 - Buffer Overflow
CVE-2007-3381
GNOME Display Manager DoS via NULL Return Handling
CVE-2007-2408
Apple Safari 3 Beta - Unauthenticated Java Applet Execution via Unchecked Enable Java Setting
CVE-2007-3806
PHP 5.2.3 - Denial of Service via Invalid Glob Flags Parameter
CVE-2007-3799
PHP 4.x-4.4.7 and 5.x-5.2.3 - Session Cookie Attribute Injection via Special Characters
CVE-2007-3780
MySQL Community Server < 5.0.45 - Denial of Service via Malformed Password Packet
CVE-2007-3701
TippingPoint IPS - Signature Evasion via Hex-Encoded Unicode Slash Character
Details
Vulnerabilities
12,669
Exploit Likelihood
High