Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,843 vulnerabilities with CWE-74

CVE-2018-4235 MEDIUM

Apple tvOS < 11.4 - Local Impersonation via Messages Component Injection

CVE-2018-1000193 MEDIUM

Jenkins < 2.120 and LTS < 2.107.2 - User Impersonation via Control Character Injection in Username

CVE-2018-4106 HIGH

macOS < 10.13.4 - Command Injection via Terminal Bracketed Paste Mode

CVE-2018-1319 MEDIUM

Apache Allura < 1.8.0 - HTTP Response Splitting via Crafted URL

CVE-2018-6220 CRITICAL

Trend Micro Email Encryption Gateway 5.5 - Arbitrary File Write

CVE-2018-1000130 HIGH

Jolokia webarchive_agent 1.3.7 - JNDI Injection in Proxy Mode

CVE-2018-7032 HIGH

myrepos < 1.20171231 - Remote Code Execution via Git Clone URL Injection

CVE-2018-6603 MEDIUM

Promise WebPam Pro-E - Cross-Site Scripting and HTTP Response Splitting via PHPSESSID Cookie

CVE-2018-6289 CRITICAL

Kaspersky Secure Mail Gateway 1.1 - Configuration File Injection Leading to Remote Code Execution

CVE-2018-6519 HIGH

SimpleSAMLphp saml2 < 1.10.4 - Regular Expression Denial of Service via Timestamp Validation

CVE-2017-20197 HIGH

propanetank Roommate-Bill-Tracking - SQL Injection in /includes/login.php

CVE-2017-20196 MEDIUM

Itechscripts School Management Software 2.75 - SQL Injection

CVE-2017-20187 LOW

Magnesium-PHP <0.3.0 - SQL Injection

CVE-2017-20174 MEDIUM

Kirby Webmentions Plugin - Code Injection

CVE-2017-20161 MEDIUM

macgeiger < 2017-12-02 - Injection in ESSID Handler

CVE-2017-18923 HIGH

beroNet VoIP Gateways <3.0.16 - File Download

CVE-2017-18900 CRITICAL

Mattermost Server <4.1.0-3.10.3 - Code Injection

CVE-2017-18860 HIGH

NETGEAR Smart and Managed Switches - Unauthenticated Remote Command Execution via Debugging Command Injection

CVE-2017-18856 MEDIUM

NETGEAR ReadyNAS <6.6.1 - Command Injection

CVE-2017-18855 HIGH

NETGEAR WNR854T <1.5.2 - Command Injection

CVE-2017-18854 MEDIUM

NETGEAR ReadyNAS <6.6.1 - Command Injection

CVE-2017-18863 HIGH

NETGEAR <various - Command Injection

CVE-2017-18737 HIGH

NETGEAR Multiple Routers - Unauthenticated OS Command Injection

CVE-2017-18736 HIGH

NETGEAR JR6150/R6050/R6220/R6700/R6800/R6900/WNDR3700 Firmware - Unauthenticated OS Command Injection

CVE-2017-18735 HIGH

NETGEAR JR6150/PR2000/R6050/R6700/R6800/R6900 Firmware - Unauthenticated Command Injection

Previous Page 185 of 194 Next

Details

Vulnerabilities 4,843

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy