Przykłady dla CWE-20: Improper Input Validation

	Tytuł	Data	Autor
Med.	WordPress WoodMart Theme <= 7.1.0 - Unauthenticated Arbitrary Shortcodes Injection	08.03.2023	FearZzZz
Low	NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery	18.05.2021	Harry Sintonen
Med.	Dovecot 2.3.11.3 Denial Of Service	07.01.2021	Innokentii Sennovskiy
Med.	October CMS <= Build 465 Multiple Vulnerabilities	03.08.2020	Sivanesh Ashok
Med.	Open-Xchange Dovecot 2.3.10 Null Pointer Dereference / Denial Of Service	20.05.2020	Philippe Antoine
Med.	SCP Server Verification Issues	16.01.2019	Harry Sintonen
Low	Wordpress Plugin Ninja Forms - CSV Injection	20.08.2018	Mostafa Gharzi
High	HPE VAN SDN 2.7.18.0503 Remote Root	28.06.2018	KoreLogic
High	HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root	27.06.2018	Matthew Bergin
Low	GNU Wget 1.19.4 Cookie Injection	08.05.2018	Harry Sintonen
Low	The First MicroFinance Bank \| RCE / File Upload	24.06.2017	Infinity Security Team
Low	AXIS Communications XSS / Content Inclusion	18.03.2017	orwelllabs
Low	AXIS Network Camera Cross Site Scripting	18.03.2017	orwelllabs
High	AXIS Authenticated Remote Command Execution	28.07.2016	orwelllabs
Low	CMS Made Simple Cache Poisoning	04.05.2016	I-Tracing
Low	pgpdump 0.29 Endless Loop	20.04.2016	Klaus Eisentraut
Med.	innovaphone IP222 UDP Denial Of Service	26.03.2016	Sven Freund
Med.	innovaphone IP222 11r2 sr9 Download Denial Of Service	26.03.2016	Sven Freund
Med.	Dell Authentication Driver Uncontrolled Write	19.12.2015	Matt Bergin
High	ZyXEL PMG5318-B20A OS Command Injection	16.10.2015	Karn Ganeshen
Low	GPON Zhone R4.0.2.566b D.O.S.	03.03.2015	Kaczinski lramirez
High	Linux Kernel Qualcomm Innovation Center (QuIC) Android gain privileges	14.12.2014	quicinc
High	VMWare vmx86.sys Arbitrary Kernel Read	06.11.2014	Matt Bergin
Med.	Apache HTTP Server 2.4.7 mod_log_config denial of service	19.03.2014	Apache
High	Apple MacOSX 10.9.2 OpenSSL Verification Surprises	05.03.2014	hynek
Med.	Microsoft Windows 8.1 XMLDOM XML Injection Vulnerability	27.02.2014	soroush
Low	PERL 5.10.0, 5.12.0, 5.14.0 Denial of Service	10.02.2014	Nobody
Med.	Conceptronic C54APM Open Redirect	12.01.2014	antonio vazquez blanco
Med.	OpenSSL 1.0.1e NULL Pointer dereference DoS	11.01.2014	Dr. Stephen Henson
Med.	Linux Kernel 3.12.3 inet uninitialized memory to user in recv syscalls	09.01.2014	mpb
High	Linux kernel Multiple CVE fixes	23.11.2013	Nico Golde and Fabian ...
Med.	Goodix GT915 Driver Memory Corruption / DoS / Privilege Escalation	08.11.2013	Jonathan Salwan
Med.	Vino VNC Server 3.7.3 Denial Of Service	18.09.2013	Jonathan Claudius
Med.	WordPress Event Easy Calendar 1.0.0 XSS / CSRF / Input Validation	09.09.2013	RogueCoder
High	Hikvision IP Cameras Overflow / Bypass / Privilege Escalation	07.08.2013	CORE
Low	Xpient POS / Iris 3.8 Cash Drawer Operation Remote Trigger	06.06.2013	CORE
High	NextApp Echo XML Injection Vulnerability	02.05.2013	Anonymous
High	Cisco Unified Computing System Multiple Vulnerabilities	24.04.2013	CISCO
High	Cisco NX-OS-Based Products Multiple Vulnerabilities	24.04.2013	CISCO
Med.	Cisco IOS XE Software for 1000 Series Multiple Vulnerabilities	10.04.2013	Cisco
Low	Pebble 2.6.4 Open Redirection	04.11.2012	Anonymous
Low	VirtualBox CPU-emulation bug (missing CPL check)	08.09.2012	halfdog
Low	IBM Lotus Domino HTTP Response Splitting and Cross-Site Scripting	07.09.2012	MustLive
Low	IOServer Root Directory Trailing Backslash Multiple Vulnerabilities	20.08.2012	hinge
High	LifeSize Room Command Injection	13.11.2011	Spencer McIntyre (zero...
High	Apple Safari Webkit libxslt Arbitrary File Creation	29.10.2011	metasploit
Med.	astersik open source 1.8.7 Remote crash vulnerability	26.10.2011	Asterisk Security Team
High	CMS WebManager-Pro Vulnerabilities	12.10.2011	MustLive
High	Opera 10/11 (bad nesting with frameset tag) Memory Corruption	10.10.2011	Jose A. Vazquez
High	Mac OS X < 10.6.7 Kernel Panic Exploit	02.10.2011	hkpco
High	LifeSize Room Command Injection	05.09.2011	Spencer McIntyre
High	iOS SSL Implementation Does Not Validate Certificate Chain	01.09.2011	Trustwave Advisories
Low	Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS	01.09.2011	Timo Warns
Low	Android Browser Cross-Application Scripting	16.08.2011	Roee Hay
High	HP Data Protector Remote Shell for HP-UX	08.08.2011	Adrian Puente Z.
High	ioQuake3 Remote shell injection	06.08.2011	Thilo Schulz
High	HP Data Protector Remote Shell for HPUX	06.08.2011	Adrian Puente Z.
Med.	phpMyAdmin 3.x Conditional Session Manipulation	03.08.2011	Mango
High	Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability	19.07.2011	metasploit
Med.	Symantec Backup Exec 12.5 MiTM Attack	11.07.2011	Nibin
High	Black Ice Cover Page ActiveX Control Arbitrary File Download	22.06.2011	metasploit
High	Black Ice Cover Page SDK insecure method DownloadImageFileURL() exploit	22.06.2011	mr_me
High	Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute	10.06.2011	metasploit
High	HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055)	30.05.2011	fdisk
Low	Opera : SELECT SIZE Arbitrary null write	13.05.2011	Advisories Toucan-Syst...
Low	CA SiteMinder Security Notice	02.05.2011	Williams, James K
Low	Linux Kernel 2.4 and 2.6 disclosure of sensitive information	12.04.2011	Timo Warns
Med.	Apache Tomcat 7.0.11 information disclosure	12.04.2011	Mark Thomas
High	xpdf multiple vulnerabilities allow remote code execution	02.04.2011	Advisories Toucan-Syst...
Med.	Mutt: failure to check server certificate in SMTP TLS connection	18.03.2011	dave b
Low	SugarCRM list privilege restriction bypass	18.03.2011	RedTeam Pentesting Gmb...
High	Linux Kernel Buffer Overflow ldm_frag_add() Elevated Privileges	04.03.2011	PRE
High	Cisco Secure Desktop CSDWebInstaller Remote Code Execution	01.03.2011	ZDI
Med.	ZOHO ManageEngine ADSelfService multiple vulnerabilities	18.02.2011	CORE Security Technolo...
Med.	mit kerberos 5-1.9 kpropd denial of service	12.02.2011	Tom Yu
Med.	MyProxy SSL Certificate Validation Security Bypass Vulnerability	03.02.2011	Venkat Yekkirala
High	OpenVAS Manager Command Injection Vulnerability	01.02.2011	Tim Brown
High	OpenVAS Manager Vulnerable To Command Injection	31.01.2011	Tim Brown
High	CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability	18.01.2011	felix
High	MS11-002: Microsoft Data Access Components Vulnerability	15.01.2011	Peter Vreugdenhil
High	Mono/Moonlight Generic Type Argument Local Privilege Escalation	15.01.2011	Chris Howie
Med.	Symantec Intel Handler Service Remote Denial-of-Service	25.12.2010	Core
High	Windows Win32k Pointer Dereferencement (MS10-098)	18.12.2010	Stefan LE BERRE
Low	PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference	05.11.2010	Maksymilian Arciemowic...
High	Android 2.0-2.1 Reverse Shell Exploit	05.11.2010	MJ Keith
Med.	KDC uninitialized pointer crash in authorization data handling	11.10.2010	Tom Yu
High	Adobe Acrobat and Reader Array Indexing Remote Code Execution Vulnerability	09.10.2010	Knud and nSense
Med.	IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability	07.10.2010	ZDI
High	Microsoft Unicode Scripts Processor Remote Code Execution	06.10.2010	Abysssec
Low	HP System Management Homepage (SMH) Remote URL Redirection	28.09.2010	HP
High	Novell iPrint Client ActiveX Control \'debug\' Buffer Overflow Exploit	23.09.2010	Trancer
Med.	MailEnable SMTP Service Two Denial of Service Vulnerabilities	17.09.2010	Secunia Research
Med.	Apache Traffic Server 2.0.0 issue	15.09.2010	Tim Brown
Low	linux kernel 2.6.34 xfs swapext ioctl issue	13.09.2010	Eugene Teo
High	Adobe Shockwave 11.20005.7.609 tSAC Chunk Invalid Seek	31.08.2010	ZDI
High	Adobe Shockwave 11.20005.7.609 CSWV Chunk Memory Corruption	31.08.2010	ZDI
High	Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability	30.08.2010	ZDI
High	Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerdability	30.08.2010	ZDI
High	Adobe Shockwave Player Director Remote Code Execution Vulnerability	30.08.2010	ZDI
High	ssmtp 2.62 standardise() Buffer overflow	24.08.2010	Jan Lieskovsky

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-04-25

CVE-2024-25917	Updating...	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.This issue affects WP Setup Wizard: from n/a through 1.0.8.1.
CVE-2024-4175	Updating...	Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII characters.
CVE-2024-2467	Updating...	A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

2024-04-24

CVE-2024-32816	Updating...	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78.
CVE-2024-32782	Updating...	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HasThemes HT Mega.This issue affects HT Mega: from n/a through 2.4.7.
CVE-2024-32781	Updating...	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0.
CVE-2024-32726	Updating...	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashboard.This issue affects Frontend Dashboard: from n/a through 2.2.2.
CVE-2024-32716	Updating...	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StreamWeasels StreamWeasels Twitch Integration.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.8.
CVE-2024-28977	Updating...	Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application.
CVE-2024-28976	Updating...	Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application.

08.03.2023

18.05.2021

07.01.2021

03.08.2020

20.05.2020

16.01.2019

20.08.2018

28.06.2018

27.06.2018

08.05.2018

24.06.2017

18.03.2017

18.03.2017

28.07.2016

04.05.2016

20.04.2016

26.03.2016

26.03.2016

19.12.2015

16.10.2015

03.03.2015

14.12.2014

06.11.2014

19.03.2014

05.03.2014

27.02.2014

10.02.2014

12.01.2014

11.01.2014

09.01.2014

23.11.2013

08.11.2013

18.09.2013

09.09.2013

07.08.2013

06.06.2013

02.05.2013

24.04.2013

24.04.2013

10.04.2013

04.11.2012

08.09.2012

07.09.2012

20.08.2012

13.11.2011

29.10.2011

26.10.2011

12.10.2011

10.10.2011

02.10.2011

05.09.2011

01.09.2011

01.09.2011

16.08.2011

08.08.2011

06.08.2011

06.08.2011

03.08.2011

19.07.2011

11.07.2011

22.06.2011

22.06.2011

10.06.2011

30.05.2011

13.05.2011

02.05.2011

12.04.2011

12.04.2011

02.04.2011

18.03.2011

18.03.2011

04.03.2011

01.03.2011

18.02.2011

12.02.2011