CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,843 vulnerabilities with CWE-74
CVE-2015-0169
IBM Security SiteProtector System 3.0-3.0.0.6, 3.1-3.1.0.3, 3.1.1-3.1.1.1 - Authenticated Argument Injection
CVE-2015-2704
realmd < 15.2 - Remote Configuration Injection via LDAP Response Newline
CVE-2015-3013
ownCloud Server < 5.0.19, 6.x < 6.0.7, 7.x < 7.0.5 - Auth Bypass
CVE-2015-1592
Movable Type < 5.2.12 & < 6.0.7 - Code Injection
CVE-2015-0931
Ektron Content Management System 8.5, 8.7 < 8.7sp2, 9.0 < sp1 - Remote Code Execution via Crafted XSLT Document
CVE-2015-1169
Apereo Central Authentication Service < 3.5.2 - LDAP Injection via Username Parameter
CVE-2014-4678 CRITICAL
Ansible < 1.6.4 - Remote Code Execution via safe_eval Function
CVSS 9.8
CVE-2014-4967 CRITICAL
Ansible < 1.6.7 - Remote Code Execution via Crafted Fact Argument Injection
CVSS 9.8
CVE-2014-4966 CRITICAL
Ansible < 1.6.7 - Remote Code Execution via Crafted Jinja2 Template Injection
CVSS 9.8
CVE-2014-7236 CRITICAL
TWiki Debugenableplugins Remote Code Execution
CVSS 9.1
CVE-2014-5086 HIGH
Sphider Pro and Sphider Plus < 3.2 - Remote Code Execution via fwrite to conf.php
CVSS 8.8
CVE-2014-5085 HIGH
Sphider Plus 3.2 - Remote Code Execution via fwrite to conf.php
CVSS 8.8
CVE-2014-5084 HIGH
Sphider Pro 3.2 - Remote Code Execution via fwrite Parameter Injection
CVSS 8.8
CVE-2014-5083 HIGH
Sphider < 1.3.6 - Remote Code Execution via fwrite to conf.php
CVSS 8.8
CVE-2014-4172 CRITICAL
Jasig Java CAS Client < 3.3.2, .NET CAS Client < 1.0.2, phpCAS < 1.3.3 - URL Parameter Injection
CVSS 9.8
CVE-2014-7844 HIGH
Red Hat Enterprise Linux - Remote Code Execution via Crafted Email Address
CVSS 7.8
CVE-2014-5287 HIGH
Kemp LoadMaster < 7.1-16 - Bash Script Injection via Web User Interface
CVSS 8.8
CVE-2014-3700 CRITICAL
eDeploy - Remote Code Execution via Untrusted Data in eval()
CVSS 9.8
CVE-2014-10386 MEDIUM
3cx live_chat < 4.1.0 - Cross-Site Scripting
CVSS 6.1
CVE-2014-10394 MEDIUM
rich-counter < 1.2.0 - JavaScript Injection via User-Agent Header
CVSS 6.1
CVE-2014-10391 MEDIUM
WP Support Plus Responsive Ticket System < 4.1 - JavaScript Injection
CVSS 6.1
CVE-2014-2294 CRITICAL
Open Web Analytics < 1.5.7 - Code Injection
CVSS 9.8
CVE-2014-7952 HIGH
Android - Arbitrary Code Execution via ADB Backup APK Injection
CVSS 7.8
CVE-2014-8910
IBM DB2 9.7-9.7 FP10, 9.8-9.8 FP5, 10.1 < FP5, 10.5-10.5 FP5 - Authenticated Arbitrary File Read via XML/XSLT Function
CVE-2014-7287
Symantec PGP Universal Server < 3.3.2 MP7 - Info Disclosure