CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,669 vulnerabilities with CWE-20
CVE-2006-7225
Perl-Compatible Regular Expression (PCRE) < 6.7 - Denial of Service via Malformed POSIX Character Class
CVE-2006-7208
Adam van Dongen Forum (com_forum) 1.2.4RC3 - Remote File Inclusion via phpbb_root_path Parameter
CVE-2006-7171
Koan Software Mega Mall - Information Disclosure via Empty x[] Parameter
CVE-2006-7139
KMail 1.9.1 - Denial of Service via Malformed HTML Email with Table and Frameset Tags
CVE-2006-7160
Outpost Firewall PRO < 4.0 - Denial of Service via Invalid SSDT Function Arguments
CVE-2006-7113
P-News < 2.0 - Unauthenticated Arbitrary File Upload via Avatar File
CVE-2006-7070
Etomite < 0.6.1 - Unauthenticated Arbitrary File Upload via rfiles.php nfile Parameter
CVE-2006-6979
Amarok - OS Command Injection via Magnatune Ruby Handler
CVE-2006-2219
phpBB 2.0.20 - Information Disclosure via Improper Input Validation
CVE-2006-2220
phpBB 2.0.20 - Information Disclosure via Negative SQL LIMIT Parameter
CVE-2006-6971
Mozilla Firefox 2.0 - Phishing Protection Bypass via IP Address Representation
CVE-2006-6954
Flock beta 1 0.7 - Denial of Service via Nested Marquee Tags
CVE-2006-6955
Opera Browser - Denial of Service via Nested Marquee Tags
CVE-2006-6956
Microsoft Internet Explorer - Denial of Service via Nested Marquee Tags
CVE-2006-6943
phpMyAdmin < 2.9.1 - Path Disclosure via Multiple Scripts and Parameters
CVE-2006-5265
Microsoft Dynamics GP < 9.0 - Denial of Service via Invalid DPS Message Magic Number
CVE-2006-5867
fetchmail < 6.3.6 - Cleartext Password Transmission via TLS Enforcement Bypass
CVE-2006-5974
fetchmail 6.3.5-6.3.6 - Denial of Service via NULL Pointer Dereference in MDA Message Refusal
CVE-2006-6852
tDiary <2.1.4.200 - Command Injection
CVE-2006-6653
NetBSD - Denial of Service via Invalid Socket Parameters
CVE-2006-5872
SQL-Ledger - Remote Code Execution via login.pl Script Parameter
CVE-2006-6581
PHP_Debug 1.1.0 - Remote File Inclusion via debugClassLocation Parameter
CVE-2006-6383
PHP 5.2.0 and 4.4 - Local Restriction Bypass via Null Byte in session_save_path
CVE-2006-6241
Sorin Chitu Telnet-FTP Server 1.0 - Authenticated Denial of Service via RETR Command
CVE-2006-6168
TikiWiki < 1.9.7 - Notification Spam via Email Field Input Validation Bypass
Details
Vulnerabilities 12,669
Exploit Likelihood High