CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,669 vulnerabilities with CWE-20
CVE-2006-2782
Firefox < 1.5.0.3 and SeaMonkey < 1.0.1 - Arbitrary File Read via File Upload Control Manipulation
CVE-2006-1858
Linux Kernel < 2.6.16.17 - Denial of Service via SCTP Chunk Length Inconsistency
CVE-2006-1528
Linux kernel < 2.6.13 - Denial of Service via sg Driver dio Transfer to mmap IO Space
CVE-2006-2223
Quagga 0.98-0.99 - Unauthenticated Routing State Exposure via RIPv1 REQUEST Packets
CVE-2006-1957
Joomla! - Denial of Service via RSS Feed Parameter
CVE-2006-0744
Linux kernel < 2.6.16.5 - Privilege Escalation via Uncanonical Return Address Handling
CVE-2006-1729
Mozilla Firefox <1.5.0.2 & 1.0.x <1.0.8 - Info Disclosure
CVE-2006-1192
Microsoft Internet Explorer <6 - CSRF
CVE-2006-1721
Cyrus SASL 2.1.18 - Unauthenticated Denial of Service via Malformed DIGEST-MD5 Input
CVE-2006-1522
Linux Kernel 2.6.16.1 and 2.6.17-rc1 - Denial of Service via Keyring Key Addition
CVE-2006-1626
Internet Explorer 6 for Windows XP SP2 - CSRF
CVE-2006-0047
Freeciv < 2.0.8 - Denial of Service via Crafted Packets with Negative Compressed Size
CVE-2006-0914
Bugzilla 2.16.10, 2.17-2.18.4, 2.20 - SQL Injection via duplicates.cgi mostfreqthreshold Parameter
CVE-2006-0884
Thunderbird < 1.0.7 - Information Disclosure via IFRAME SRC JavaScript URI
CVE-2006-0298
Firefox and SeaMonkey - Denial of Service via XML Parser Out-of-Bounds Read
CVE-2006-0321
fetchmail < 6.3.2 - Denial of Service via Crafted Email Message Bounce
CVE-2006-0340
Cisco IOS 12.0-12.4 - Denial of Service via Crafted SGBP UDP Packet
CVE-2006-0203
Mini-Nuke CMS System <= 1.8.2 - Unauthenticated Password Change via Lost Password Action
CVE-2005-4890 HIGH
Shadow <4.1.5, Sudo <1.7.4 - Privilege Escalation
CVSS 7.8
CVE-2005-4846
Spey 0.3.3 - Format String Vulnerability in Logger.cc
CVE-2005-4560
Windows 2003 Server and XP - Remote Code Execution via Crafted WMF SETABORTPROC GDI Escape
CVE-2005-2923
Ipswitch IMail Server 8.20 - Denial of Service via Long IMAP LIST Command Argument
CVE-2005-3946
Opera 8.50 - Denial of Service via Java Applet removeMember Method
CVE-2005-3678
Google Talk < 1.0.0.76 - Denial of Service via Blank Sender Email
CVE-2005-3591
Macromedia Flash Player - Remote Code Execution via ActionDefineFunction ActionScript Call
Details
Vulnerabilities 12,669
Exploit Likelihood High