CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,669 vulnerabilities with CWE-20
CVE-2007-1476
Symantec Client Security - Denial of Service via SymTDI Driver Input Buffer
CVE-2007-1478
McGallery 0.5b - Unauthenticated Arbitrary File Read via Filename Parameter
CVE-2007-1441
BlackBerry 8100 - Denial of Service via Long WML Link Href Attribute
CVE-2007-1426
AstroCam 2.0.0-2.6.5 - Denial of Service via Large Data in 'a' Variable
CVE-2007-1277
WordPress 2.1.1 - Remote Code Execution via Backdoor in Feed and Theme PHP Files
CVE-2007-1257
Cisco Network Analysis Module - Remote Code Execution via Spoofed SNMP Packets
CVE-2007-1235
sitex - Unrestricted File Upload via Double Extension Bypass
CVE-2007-1136
webmplayer < 0.6.1-Alpha - Remote Code Execution via Shell Metacharacters in exec Function
CVE-2007-1155
webSPELL - Authenticated Arbitrary PHP File Upload via Add Squad Feature
CVE-2007-1097
Wiclear < 0.11.1 - Unauthenticated Arbitrary File Upload via onAttachFiles Function
CVE-2007-0908
PHP <5.2.1 & <4.4.5 - Info Disclosure
CVE-2007-0208
Microsoft Office 2000/2003/XP/2004 for Mac - Remote Code Execution via Malicious Macro
CVE-2007-0802
Firefox 2.0.0.1 - Phishing Protection Bypass via Domain Name Manipulation
CVE-2007-0683
Omegaboard 1.0beta4 - Remote File Inclusion via phpbb_root_path Parameter
CVE-2007-0521
Sony Ericsson K700i and W810i - Denial of Service via Repeated OBEX Push over Bluetooth
CVE-2007-0522
Motorola MOTORAZR - Denial of Service via Repeated OBEX Push Over Bluetooth
CVE-2007-0523
Nokia N70 - Denial of Service via Repeated OBEX Push over Bluetooth
CVE-2007-0524
LG Chocolate KG800 - Denial of Service via Repeated OBEX Push over Bluetooth
CVE-2007-0197
Finder 10.4.6 on Mac OS X 10.4.8 - DoS and RCE via Long Volume Name in DMG
CVE-2007-0028
Microsoft Excel 2000/2002/2003, Viewer 2003, Office 2004/Mac, v.X/Mac - RCE via Crafted XLS
CVE-2007-0102
Apple Preview - Denial of Service via Crafted PDF Catalog Dictionary
CVE-2007-0103
Adobe Acrobat Reader < 7.0.8 - Remote Code Execution via Crafted PDF Catalog Dictionary
CVE-2007-0104
xpdf 3.0.1 patch 2 - Denial of Service via Crafted Catalog Dictionary
CVE-2006-7243
PHP < 5.3.4 - Path Traversal via Null Byte Injection
CVE-2006-7235
Teamtek Universal FTP Server 1.0.50 - Denial of Service via STOR or MKD Command
Details
Vulnerabilities 12,669
Exploit Likelihood High