Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,843 vulnerabilities with CWE-74

CVE-2016-5701 MEDIUM

phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - Code Injection

CVE-2016-2204 HIGH

Symantec Messaging Gateway < 10.6.1 - Local Privilege Escalation via Terminal Input

CVE-2016-0881 MEDIUM

EMC Documentum xCP <2.1-2.2 - SQL Injection

CVE-2015-10062 MEDIUM

galaxy-data-resource <14.10.0 - Command Injection

CVE-2015-10040 MEDIUM

gitlearn < 2015-06-09 - Injection in Escape Sequence Handler

CVE-2015-10027 MEDIUM

hydrian TTRSS-Auth-LDAP <2.0b1 - LDAP Injection

CVE-2015-3154 MEDIUM

Zend Framework <2.4.1 - HTTP Response Splitting

CVE-2015-5462 MEDIUM

AxiomSL Axiom Google Web Toolkit <9.5.3 - XSS

CVE-2015-1975 HIGH

IBM Tivoli Directory Server 6.0-6.3 - Privilege Escalation via Web Administration Tool Argument Injection

CVE-2015-5377 CRITICAL

Elasticsearch < 1.6.1 - Remote Code Execution via Transport Protocol

CVE-2015-5227 HIGH

WordPress Landing Pages <1.9.2 - RCE

CVE-2015-7544 CRITICAL

Red Hat Enterprise Virtualization Manager <3.6 - Command Injection

CVE-2015-4075 HIGH

Helpdesk Pro < 1.3.0 - Arbitrary File Write via Language Save Task

CVE-2015-8258 HIGH

AXIS Communications <5.80.x - Code Injection

CVE-2015-7264 CRITICAL

Facebook Proxygen before 2015-11-09 - SPDY/2 Codec Injection via Truncated Field

CVE-2015-2180 HIGH

Roundcube Webmail < 1.1 - Remote Code Execution via DBMail Password Shell Metacharacters

CVE-2015-8800 HIGH

Symantec Critical System Protection and Data Center Security - Authenticated Argument Injection via Named Pipe

CVE-2015-7466 LOW

IBM Jazz Reporting Service <6.0.0-Rational-CLM-ifix005 - Command In...

Bolt < 2.2.5 - Authenticated Remote Code Execution via Theme Editor File Rename

macOS < 10.10.5 and iOS < 8.4.1 - Cookie Injection via CFNetwork Proxies

CVE-2015-3253 CRITICAL

Apache Groovy 1.7.0-2.4.3 - Remote Code Execution via MethodClosure Deserialization

Microsoft SQL Server 2008/2008 R2/2012/2014 - Authenticated RCE via Transactional Replication

IBM Leads 7.x-9.1.1 CSRF via Link Addition

libmimedir - Remote Code Execution via Malformed VCF File

CVE-2015-3200 HIGH

lighttpd <1.4.36 - Command Injection

Previous Page 191 of 194 Next

Details

Vulnerabilities 4,843

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy