Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,843 vulnerabilities with CWE-74

CVE-2019-11275 MEDIUM

Pivotal Application Manager <670.0.7 - Command Injection

CVE-2019-16532 MEDIUM

YzmCMS V5.3 - HTTP Host Header Injection

CVE-2019-11277 HIGH

Cloudfoundry Cf-deployment < 11.1.0 - Injection

CVE-2019-5314 MEDIUM

ArubaOS < 6.4.4.20 - HTTP Response Splitting and Reflected Cross-Site Scripting via URL Parameters

CVE-2019-5977 MEDIUM

Cybozu Garoon 4.0.0-4.10.2 - Authenticated Mail Header Injection via E-Mail Application

CVE-2019-10074 CRITICAL

Apache OFBiz 16.11.01-16.11.04 - Remote Code Execution via Freemarker Markup in Form Widget Textarea

CVE-2019-12463 HIGH

LibreNMS 1.50.1-1.53 - Authenticated RRDtool Injection via Graph Parameter

CVE-2019-10665 CRITICAL

LibreNMS < 1.47 - RRDtool Injection via Graph Parameter

CVE-2019-1939 HIGH

Cisco Webex Teams < 3.0.12427.0 - Unauthenticated Remote Code Execution via Software Logging Feature

CVE-2019-11581 CRITICAL KEV

Jira Server/Data Center <7.6.14, <7.13.5, <8.0.3, <8.1.2, <8.2.3 - RCE

CVE-2019-5404 HIGH

HPE 3PAR StoreServ Management Console < 3.5.0.1 - Remote Script Injection

CVE-2019-7889 MEDIUM

Magento <1.9.4.2, <1.14.4.2, <2.1.18, <2.2.9, <2.3.2 - Command Inje...

CVE-2019-1020006 MEDIUM

invenio-app <1.1.1 - Host Header Injection

CVE-2019-9811 HIGH

Firefox ESR < 60.8, Firefox < 68, Thunderbird < 60.8 - Privilege Es...

CVE-2019-11718 MEDIUM

Firefox < 68.0 - Cross-Site Scripting via Activity Stream Snippet Service Content

CVE-2019-13915 HIGH

b3log Wide < 1.6.0 - Arbitrary File Read and Write via Editor Code Execution, Symlink in ZIP, or Git Repository Import

CVE-2019-1010310 LOW

GLPI GLPI Product <9.3.1 - Command Injection

CVE-2019-0319 HIGH

SAP Gateway 7.5-7.53 - Content Spoofing via Error Message Injection

CVE-2019-13146 MEDIUM

field_test 0.3.0 - Improper Input Validation

CVE-2019-12966 CRITICAL

FeHelper < 2019-06-19 - Remote Code Execution via JSON Format Operation

CVE-2019-8323 HIGH

RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via API Response Output

CVE-2019-8322 HIGH

RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via gem owner Command

CVE-2019-8325 HIGH

RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via Error Message Handling

CVE-2019-0304 CRITICAL

SAP NetWeaver AS ABAP Platform - Remote Code Execution via FTP Function

CVE-2019-12387 MEDIUM

Twisted < 19.2.1 - HTTP Request Smuggling via CRLF Injection

Previous Page 182 of 194 Next

Details

Vulnerabilities 4,843

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy