CWE-74
High likelihood
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
4,843 vulnerabilities with CWE-74
CVE-2014-8423
ARRIS VAP2500 Firmware < 08.41 - Remote Command Execution
CVE-2013-4144
CRITICAL
swfupload - Object Injection
CVSS 9.8
CVE-2013-7487
CRITICAL
Swann DVR Devices - Remote Code Execution via TCP Port 9000
CVSS 9.8
CVE-2013-7324
MEDIUM
webkitgtk 2.0.0-2.26.4 - Unauthenticated High Volume Audio Output via JavaScript
CVSS 5.3
CVE-2013-7381
CRITICAL
libnotify < 1.0.4 - Remote Code Execution via libnotify.notify
CVSS 9.8
CVE-2013-2010
CRITICAL
W3 Total Cache < 0.9.2.8 - Remote PHP Code Execution
CVSS 9.8
CVE-2013-7378
CRITICAL
hubot_scripts < 2.4.4 - Remote Code Execution via Email Script
CVSS 9.8
CVE-2013-3628
HIGH
Zabbix 2.0.9 - Remote Command Execution
CVSS 8.8
CVE-2013-2678
HIGH
Cisco Linksys E4200 1.0.05 - Code Injection
CVSS 8.1
CVE-2013-3214
CRITICAL
vtiger CRM < 5.4.0 - PHP Code Injection via vtigerolservice.php
CVSS 9.8
CVE-2013-3212
HIGH
vtiger CRM < 5.4.0 - Local File Inclusion and Remote Code Execution via customerportal.php
CVSS 8.1
CVE-2013-1437
CRITICAL
Module-Metadata < 1.000015 - Remote Code Execution via $Version Eval Injection
CVSS 9.8
CVE-2013-7380
CRITICAL
ep_imageconvert < 0.0.2 - Remote Command Injection
CVSS 9.8
CVE-2013-7070
CRITICAL
Monitorix < 3.3.1 - Remote Code Execution via URI Shell Metacharacters
CVSS 9.8
CVE-2013-4318
MEDIUM
Ruby gem Features 0.3.0 - File Injection via Malicious HTML
CVSS 5.4
CVE-2013-2095
CRITICAL
OpenShift Origin Controller - OS Command Injection via URI.parse() in cartridge_cache.rb
CVSS 9.8
CVE-2013-4486
CRITICAL
Zanata 3.0.0-3.1.2 - Remote Code Execution via EL Interpolation in Logging
CVSS 9.8
CVE-2013-4578
MEDIUM
OpenJDK/Oracle Java SE <7u51 - Code Injection
CVSS 5.3
CVE-2013-6501
PHP < 5.6.7 - WSDL Injection via Predictable /tmp Cache Filename
CVE-2013-6435
rpm < 4.11.1 - Remote Code Execution via Crafted RPM File Extraction
CVE-2013-2251
CRITICAL
KEV
Apache Archiva 1.3-1.3.8 - Remote Code Execution via OGNL Expression Injection
CVSS 9.8
CVE-2012-1496
HIGH
WebCalendar < 1.2.5 - Local File Inclusion
CVSS 8.8
CVE-2012-1495
CRITICAL
WebCalendar < 1.2.5 - Remote Code Execution via form_single_user_login Parameter
CVSS 9.8
CVE-2012-0070
HIGH
spamdyke < 4.2.1 - Plaintext Exposure via STARTTLS
CVSS 7.5
CVE-2012-2931
HIGH
TinyWebGallery <1.8.8 - Code Injection
CVSS 7.2
Details
Vulnerabilities: 4,843
Exploit Likelihood: High