Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,843 vulnerabilities with CWE-74

CVE-2019-15616 MEDIUM

Nextcloud Server < 17.0.0 - CRLF Injection via Dangling Remote Share Attempts

CVE-2019-16468 HIGH

Adobe Experience Manager <6.6 - Code Injection

CVE-2019-20213 HIGH

D-Link DIR-859 Firmware < 1.07b03_beta - Unauthenticated Information Disclosure via AUTHORIZED_GROUP Parameter

CVE-2019-17558 HIGH KEV

Apache Solr 5.0.0-8.3.1 - Remote Code Execution via Velocity Template Injection

CVE-2019-19389 MEDIUM

Ktor < 1.2.6 - HTTP Response Splitting

CVE-2019-6034 MEDIUM

a-blog cms 2.8.0-2.8.63 - Cross-Site Scripting

CVE-2019-11045 LOW

PHP 7.2.0-7.2.25, 7.3.0-7.3.12, 7.4.0 - Improper Null Termination in DirectoryIterator

CVE-2019-8792 HIGH

Shazam - Remote Code Execution via Maliciously Crafted URL

CVE-2019-17123 HIGH

eGain Mail 11+ - Email Header Injection via fromName Parameter

CVE-2019-1490 MEDIUM

Skype for Business Server - Spoofing via Improper Request Sanitization

CVE-2019-16771 MEDIUM

Armeria 0.85.0-0.96.0 - HTTP Response Splitting via CRLF Injection

CVE-2019-19330 CRITICAL

HAProxy < 2.0.10 - HTTP/2 Header Injection via CR, LF, and NUL Characters

CVE-2019-16254 MEDIUM

Ruby <2.4.7, 2.5.x<2.5.6, 2.6.x<2.6.4 - HTTP Response Splitting

CVE-2019-4216 MEDIUM

IBM SmartCloud Analytics Log Analysis 1.3.1-1.3.5 - HTTP Host Header Injection

CVE-2019-8135 CRITICAL

Magento 2.2-2.2.9 and 2.3-2.3.2 - Remote Code Execution via Symfony Dependency Injection

CVE-2019-18657 MEDIUM

ClickHouse <19.13.5.44 - HTTP Header Injection

CVE-2019-4461 MEDIUM

IBM Cloud Orchestrator <2.4.0.5, <2.5.0.9 - SSRF

CVE-2019-4396 MEDIUM

IBM Cloud Orchestrator <2.4.0.5 & <2.5.0.9 - SSRF

CVE-2019-18348 MEDIUM

Python 2.x < 2.7.17 - CRLF Injection via urllib/urllib2 URL Host Component

CVE-2019-11282 MEDIUM

Cloudfoundry Cf-deployment < 12.2.0 - Information Disclosure

CVE-2019-17513 HIGH

Ratpack < 1.7.5 - HTTP Response Splitting via Unvalidated HTTP Headers

CVE-2019-9535 CRITICAL

iTerm2 <= 3.3.5 - Remote Code Execution via tmux Control Mode

CVE-2019-4558 HIGH

IBM Spectrum Scale <5.0.3.2, <4.2.3.17 - Privilege Escalation

CVE-2019-15259 MEDIUM

Cisco Unified Contact Center Express < 11.6(2) - Unauthenticated HTTP Response Splitting via Parameter Injection

CVE-2019-17068 HIGH

PuTTY < 0.73 - Terminal Session Injection via Bracketed Paste Mode

Previous Page 181 of 194 Next

Details

Vulnerabilities 4,843

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy