CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,669 vulnerabilities with CWE-20
CVE-2007-3711
TippingPoint IPS TOS 2.1.x 2.2.x < 2.2.5 2.5.x < 2.5.2 - Detection Bypass via Fragmented Packets
CVE-2007-3715
Sun Java System Application Server and Web Server 7.0-9.0 - Arbitrary Java Method Execution via XSLT Stylesheet
CVE-2007-3716
Sun JDK and JRE < 6 - Remote Code Execution via XSLT Stylesheet Processing
CVE-2007-3400
NCTAudioEditor and NCTAudioStudio - Arbitrary File Write via NCTWMAFile2.dll CreateFile Method
CVE-2007-3389
Wireshark < 0.99.6 - Denial of Service via Crafted Chunked Encoding in HTTP Response
CVE-2007-3391
Wireshark 0.99.5 - Denial of Service via Malformed DCP ETSI Packet
CVE-2007-1362
Firefox 1.5.x-1.5.0.11 and 2.x-2.0.0.3 - Denial of Service via Cookie Path Parameter
CVE-2007-2967
F-Secure Anti-Virus - Denial of Service via Crafted ARJ Archives or FSG Packed Files
CVE-2007-2884
Microsoft Visual Basic 6 - Buffer Overflow
CVE-2007-2764
Sun-Brocade SilkWorm <20070516 - DoS
CVE-2007-1693
Yet Another Telephony Engine < 1.1.0 - Denial of Service via SIP Call-Info Header
CVE-2007-2509
PHP <4.4.7, <5.2.2 - Code Injection
CVE-2007-0213
Microsoft Exchange Server 2000 SP3, 2003 SP1-SP2, 2007 - Remote Code Execution via Base64 MIME Decoding
CVE-2007-1202
Microsoft Word and Works Suite - Remote Code Execution via RTF Control Word Parsing
CVE-2007-0035
Microsoft Office 2000/2003/XP/2004 Mac & Works Suite 2004-2006 RCE via Array Overflow
CVE-2007-2322
Nero MediaHome and MediaHome CE - Denial of Service via Crafted Packet with Two CRLF Sequences
CVE-2007-2292
Microsoft Internet Explorer < 2.0.0.8 - Improper Input Validation
CVE-2007-2172
Linux Kernel 2.4.0-2.4.34 and 2.6 < 2.6.21-rc6 - Out-of-Bounds Access in dn_fib_props and fib_props
CVE-2007-1995
Quagga < 0.98.6 and <= 0.99.6 - Denial of Service via MP_REACH_NLRI and MP_UNREACH_NLRI Attributes
CVE-2007-1922
Nullsoft Winamp - Remote Code Execution via Crafted IT or S3M File
CVE-2007-1803
MailDwarf < 3.01 - Email Address Spoofing via Improper Input Validation
CVE-2007-1793
Symantec Norton Personal Firewall 9.1.0.33/9.1.1.7 DoS via NtCreateMutant/NtOpenEvent
CVE-2007-1349
Apache mod_perl < 1.30 - Denial of Service via PATH_INFO Regular Expression
CVE-2007-1666
DataRescue IDA Pro 5.0 and 5.1 - Unauthenticated Debugger Server Request Execution
CVE-2007-1313
NETxAutomation NETxEIB OPC Server < 3.0.1300 - DoS or Code Execution via OPC Handle Validation
Details
Vulnerabilities 12,669
Exploit Likelihood High