Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-10 | CVE-2013-7380 | Injection vulnerability in EP Imageconvert Project EP Imageconvert 0.0.1/0.0.2 The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability | 9.8 |
| 2020-01-09 | CVE-2012-2931 | Injection vulnerability in Tinywebgallery PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. | 7.2 |
| 2020-01-08 | CVE-2014-5287 | Injection vulnerability in Kemptechnologies Loadmaster A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). | 8.8 |
| 2019-12-31 | CVE-2013-7070 | Injection vulnerability in Fibranet Monitorix The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. | 9.8 |
| 2019-12-30 | CVE-2019-17558 | Injection vulnerability in multiple products Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. | 7.5 |
| 2019-12-26 | CVE-2019-19389 | Injection vulnerability in Jetbrains Ktor JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. | 5.4 |
| 2019-12-26 | CVE-2013-4318 | Injection vulnerability in Feature Project Feature 0.3.0 File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory. | 5.4 |
| 2019-12-26 | CVE-2019-6034 | Injection vulnerability in Appleple A-Blog CMS a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors. | 6.1 |
| 2019-12-23 | CVE-2019-11045 | Injection vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. | 5.9 |
| 2019-12-18 | CVE-2019-8792 | Injection vulnerability in Apple Shazam 12.11.0/9.25.0 An injection issue was addressed with improved validation. | 8.8 |