VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 378 of 401
  • CVE-2009-0022Jan 5, 2009
    risk 0.00cvss epss 0.04

    Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.

  • CVE-2008-5826Jan 2, 2009
    risk 0.00cvss epss 0.02

    The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI.

  • CVE-2008-5810Jan 2, 2009
    risk 0.00cvss epss 0.04

    WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup,…

  • CVE-2008-5709Dec 24, 2008
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static…

  • CVE-2008-5695Dec 19, 2008
    risk 0.00cvss epss 0.12

    wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP…

  • CVE-2008-5693Dec 19, 2008
    risk 0.00cvss epss 0.03

    Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.

  • CVE-2008-5669Dec 19, 2008
    risk 0.00cvss epss 0.02

    index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter.

  • CVE-2008-5508Dec 17, 2008
    risk 0.00cvss epss 0.02

    Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing…

  • CVE-2008-5657Dec 17, 2008
    risk 0.00cvss epss 0.02

    CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message.

  • CVE-2008-4224Dec 17, 2008
    risk 0.00cvss epss 0.02

    UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file.

  • CVE-2008-5548Dec 12, 2008
    risk 0.00cvss epss 0.02

    VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a…

  • CVE-2008-5547Dec 12, 2008
    risk 0.00cvss epss 0.02

    HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no…

  • CVE-2008-5546Dec 12, 2008
    risk 0.00cvss epss 0.02

    VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…

  • CVE-2008-5545Dec 12, 2008
    risk 0.00cvss epss 0.03

    Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no…

  • CVE-2008-5544Dec 12, 2008
    risk 0.00cvss epss 0.02

    Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no…

  • CVE-2008-5543Dec 12, 2008
    risk 0.00cvss epss 0.03

    Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…

  • CVE-2008-5542Dec 12, 2008
    risk 0.00cvss epss 0.02

    Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2)…

  • CVE-2008-5540Dec 12, 2008
    risk 0.00cvss epss 0.02

    Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension,…

  • CVE-2008-5538Dec 12, 2008
    risk 0.00cvss epss 0.02

    Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg…

  • CVE-2008-5537Dec 12, 2008
    risk 0.00cvss epss 0.03

    PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…