Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,843 vulnerabilities with CWE-74

CVE-2017-5585 HIGH

OpenText Documentum Content Server 7.3 - Authenticated SQL Injection via DQL Hints

CVE-2017-5630 HIGH

PEAR Base System 1.10.1 - Arbitrary File Overwrite via Unvalidated Redirect Response

CVE-2016-15007 MEDIUM

Centralized-Salesforce-Dev-Framework - SQL Injection

CVE-2016-15004 HIGH

InfiniteWP Client Plugin <1.6.0 - Code Injection

CVE-2016-11068 MEDIUM

Mattermost Server < 3.2.0 - LDAP Field Injection

CVE-2016-10801 HIGH

cPanel 11.54.0.0-11.54.0.25 - Improper Session Handling for Shared Users

CVE-2016-10847 HIGH

cPanel 11.48.0.5-11.48.5.2 - Arbitrary File Read and Write via fixmailboxpath Script

CVE-2016-10845 HIGH

cPanel 11.48.0.5-11.48.5.2 - Arbitrary File Overwrite via check_system_storable Script

CVE-2016-10761 MEDIUM

Logitech Unifying Receiver Firmware - Keystroke Injection via Encryption Bypass

CVE-2016-8900 CRITICAL

Exponent CMS <2.3.9 - Code Injection

CVE-2016-8899 CRITICAL

Exponent CMS <2.3.9 - Code Injection

CVE-2016-8901 CRITICAL

b2evolution 6.7.6 - Object Injection via call_plugin.php

CVE-2016-10498 CRITICAL

Qualcomm MDM9206 and Snapdragon Firmware - Denial of Service via RACH Procedure Timing Change

CVE-2016-3695 MEDIUM

Linux Kernel - Denial of Service via APEI Error Injection

CVE-2016-2980 MEDIUM

IBM Sametime 8.5.2-9.0.1 - Script Injection via WebPlayer

CVE-2016-8720 MEDIUM

Moxa AWK-3131A - HTTP Header Injection

CVE-2016-1155 CRITICAL

Android 2.2-6.0 - HTTP Header Injection via URLConnection

CVE-2016-4010 CRITICAL

Magento < 2.0.6 - Unauthenticated PHP Object Injection via Serialized Shopping Cart Data

CVE-2016-5013 MEDIUM

Moodle < 2.7.14 and 3.1-3.1.1 - Email Header Injection

CVE-2016-10131 CRITICAL

CodeIgniter < 3.1.3 - Remote Code Execution via Email From Field

CVE-2016-6473 MEDIUM

Cisco IOS - Unauthenticated Layer 2 Network Storm via Adjacent Attack

CVE-2016-9832 CRITICAL

PwC ACE-ABAP 8.10.304 - Authenticated ABAP Injection via SAPGUI or ICF

CVE-2016-5685 HIGH

Dell iDRAC7-8 <2.40.40.40 - Command Injection

CVE-2016-6754 HIGH

Android < 6.0.1 - Remote Code Execution in Webview

CVE-2016-7125 HIGH

PHP < 5.6.25 and 7.x < 7.0.10 - Remote Arbitrary Session Data Injection via Session Name Parsing

Previous Page 190 of 194 Next

Details

Vulnerabilities 4,843

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy