CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,669 vulnerabilities with CWE-20
CVE-2006-5990
VMware VirtualCenter 2.x < 2.0.1 Patch 1 and 1.4.x < 1.4.1 Patch 1 - Server Certificate Verification Bypass
CVE-2006-5793
libpng 1.0.6-1.2.12 - Denial of Service via Malformed sPLT Chunk Handling
CVE-2006-5938
Grisoft AVG Anti-Virus - Remote Code Execution via Crafted CAB File
CVE-2006-5559
Microsoft Data Access Components - Use-After-Free via ADODB.Connection Execute Method
CVE-2006-5313
hastymail < 1.5 - Authenticated SMTP Command Injection via smtp_message Parameter
CVE-2006-4842
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
CVE-2006-5084
Skype < 1.5.0.79 - Format String Vulnerability via Malformed Skype URL
CVE-2006-4935
Moodle < 1.6.2 - Improper Input Validation in Database Module
CVE-2006-4936
Moodle < 1.6.2 - Improper Input Validation in Course Module Object Creation
CVE-2006-4340
Mozilla Firefox < 1.5.0.6 - Signature Forgery via RSA Key with Exponent 3
CVE-2006-4541
BlackICE PC Protection < 3.6 - Denial of Service via NtOpenSection API
CVE-2006-4466
Joomla! < 1.0.11 - Remote Variable Manipulation via Numeric Parameter Hash Collision
CVE-2006-4468
Joomla! < 1.0.11 - Multiple Unspecified Vulnerabilities via Input Validation Issues
CVE-2006-4310
Firefox 1.5.0.6 - Denial of Service via Crafted FTP Response
CVE-2006-4301
Microsoft Internet Explorer 6.0 SP1 - DoS via Long Color Attribute in DirectX Media Image Transforms
CVE-2006-4227
MySQL - Privilege Escalation via SUID Routine Argument Evaluation
CVE-2006-3450
Microsoft Internet Explorer 6 - RCE
CVE-2006-3451
Microsoft Internet Explorer <6 - RCE
CVE-2006-3942
Microsoft Windows NT 4.0, 2000, XP, Server 2003 - Denial of Service via Malformed SMB Transaction String
CVE-2006-3633
OSSP shiela < 1.1.5 - Authenticated Remote Command Execution via Filename Shell Metacharacters
CVE-2006-3423
WebEx Downloader ActiveX Control and Java - Remote Code Execution via GpcUrlRoot and GpcIniFileName Controls
CVE-2006-3281
Microsoft Internet Explorer 6.0 - RCE
CVE-2006-3014
Microsoft Excel - Arbitrary JavaScript Execution via Embedded Shockwave Flash Object
CVE-2006-2920
Sylpheed <2.2.2, Sylpheed <2.2.6 - CSRF
CVE-2006-2894
Mozilla Firefox <2.0.0.8 - Info Disclosure
Details
Vulnerabilities 12,669
Exploit Likelihood High