CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,843 vulnerabilities with CWE-74
CVE-2012-4196
Mozilla Firefox < 16.0.2 - Same Origin Policy Bypass via Prototype Property Injection
CVE-2011-4558 HIGH
Tiki < 8.2 - Authenticated Remote Code Execution via Regex Parameters
CVSS 7.2
CVE-2011-2717 CRITICAL
dhcp6c < 2011-07-25 - Remote Code Execution via Shell Metacharacters in DHCP Hostname
CVSS 9.8
CVE-2011-3624 MEDIUM
Ruby <= 1.9.2 - Header Injection via X-Forwarded-For/Host/Server Headers
CVSS 5.3
CVE-2011-2538 HIGH
Cisco Telepresence Video Communication Server < X7.0.3 - Authenticated Command Injection
CVSS 7.2
CVE-2011-2855
Google Chrome < 14.0.835.163 - Denial of Service via CSS Token Sequence Handling
CVE-2011-2805
Google Chrome < 13.0.782.107 - Script Injection via Same Origin Policy Bypass
CVE-2010-4658 MEDIUM
statusnet through 2010 - Syslog Spoofing via Newline Injection
CVSS 5.3
CVE-2010-4654 HIGH
poppler < 0.16.3 - Stack Corruption via Malformed Commands
CVSS 7.8
CVE-2010-3668 HIGH
TYPO3 < 4.1.14, 4.2.x < 4.2.13, 4.3.x < 4.3.4, 4.4.x < 4.4.1 - Header Injection via Secure Download Feature
CVSS 7.5
CVE-2009-1781
Frax.dk Php Recommend < 1.3 - Remote PHP Code Injection via form_aula Parameter
CVE-2008-0456
Apache HTTP Server 1.3.0-1.3.39, 2.0.0-2.0.61, 2.2.0-2.2.6 - HTTP Response Splitting via Multiline Filename Upload
CVE-2007-4190
Joomla! < 1.0.13 - CRLF Injection via URL Parameter
CVE-2005-3056 CRITICAL
TWiki - Remote Code Execution via Include Function
CVSS 9.8
CVE-2005-3750
Opera < 8.51 - Remote Code Execution via Shell Metacharacters in URL
CVE-2005-3007
Opera < 8.50 - Content Type Spoofing via Trailing Dot in Filename
CVE-2004-1157
Opera 7.0-7.54 - Cross-Site Scripting via Window Injection
CVE-2004-2570
Opera < 7.54 - Remote Code Execution via Location Object Manipulation