CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,843 vulnerabilities with CWE-74
CVE-2017-17511 HIGH
KildClient 3.1.0 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-16680 HIGH
SAP HANA extended application services - Audit Log Injection
CVSS 7.5
CVE-2017-15708 CRITICAL
Apache Synapse < 3.0.1 - Unauthenticated Remote Code Execution via RMI Deserialization
CVSS 9.8
CVE-2017-17523 HIGH
LilyPond 2.19.80 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-17512 HIGH
sensible-utils < 0.0.11 - Argument Injection via BROWSER Environment Variable
CVSS 8.8
CVE-2017-1000217 HIGH
Opencast < 2.3.3 - Script Injection via Media and Metadata in Player and Media Module
CVSS 8.8
CVE-2017-16719 HIGH
Moxa NPort 5110, 5130, and 5150 - Denial of Service via Packet Injection
CVSS 7.5
CVE-2017-8809 CRITICAL
MediaWiki < 1.27.4, 1.28.x < 1.28.3, 1.29.x < 1.29.2 - Reflected File Download via api.php
CVSS 9.8
CVE-2017-5636 CRITICAL
Apache NiFi < 0.7.2 and 1.x < 1.1.2 - Permission Impersonation via Crafted Username
CVSS 9.8
CVE-2017-14397 CRITICAL
AnyDesk <3.6.1 (Windows) - Code Injection
CVSS 9.8
CVE-2017-9861 CRITICAL
SMA Sunny Boy and Sunny Tripower Firmware - Unauthenticated SIP Replay and Packet Injection
CVSS 9.8
CVE-2017-6748 MEDIUM
Cisco Web Security Appliance - Authenticated Command Injection via CLI Parser
CVSS 6.7
CVE-2017-5246 MEDIUM
Biscom Secure File Transfer <5.1.1026 - Code Injection
CVSS 4.3
CVE-2017-1000052 HIGH
Elixir Plug <v1.0.4,v1.1.7,v1.2.3,v1.3.2 - Code Injection
CVSS 7.8
CVE-2017-7459 HIGH
ntopng < 2.4 - HTTP Response Splitting
CVSS 7.5
CVE-2017-9135 HIGH
Mimosa Client Radios <2.2.4 - Mimosa Backhaul Radios <2.2.4 - RCE
CVSS 8.8
CVE-2017-9133 HIGH
Mimosa Backhaul and Client Radios < 2.2.3 - Authenticated OS Command Injection via Ping Host Parameter
CVSS 8.8
CVE-2017-6031 HIGH
atvise scada < 3.0 - Remote Code Execution via HTTP Header Injection
CVSS 8.8
CVE-2017-8458 MEDIUM
Brave 0.12.4 - URI Obfuscation via Ambiguous Authority Display
CVSS 6.5
CVE-2017-2140 HIGH
Tablacus Explorer <= 17.3.30 - Remote Code Execution via Crafted Directory
CVSS 8.8
CVE-2017-3547 HIGH
Oracle PeopleSoft Products <8.55 - Info Disclosure
CVSS 7.4
CVE-2017-7703 HIGH
Wireshark 2.2.0-2.2.5 & 2.0.0-2.0.11 - Crash
CVSS 7.5
CVE-2017-7239 CRITICAL
ninka < 1.3.0 - Denial of Service via Crafted Filename
CVSS 9.8
CVE-2017-6971 HIGH
AlienVault USM/OSSIM <5.3.7/NfSen <1.3.8 - Command Injection
CVSS 8.8
CVE-2017-0154 MEDIUM
Internet Explorer 11 Cross-Domain Policy Bypass via Information Injection
CVSS 4.4