Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-12-11 CVE-2017-17512 Injection vulnerability in Sensible-Utils Project Sensible-Utils
sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.
network
low complexity
sensible-utils-project CWE-74
8.8
2017-11-17 CVE-2017-1000217 Injection vulnerability in Opencast
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
network
low complexity
opencast CWE-74
8.8
2017-11-16 CVE-2017-16719 Injection vulnerability in Moxa products
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior.
network
low complexity
moxa CWE-74
7.5
2017-11-15 CVE-2017-8809 Injection vulnerability in multiple products
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
network
low complexity
mediawiki debian CWE-74
critical
9.8
2017-10-19 CVE-2017-5636 Injection vulnerability in Apache Nifi
In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.
network
low complexity
apache CWE-74
critical
9.8
2017-10-18 CVE-2015-5227 Injection vulnerability in Inboundnow Wordpress Landing Pages
The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter.
network
low complexity
inboundnow CWE-74
8.8
2017-09-25 CVE-2015-7544 Injection vulnerability in Redhat Enterprise Virtualization Manager 3.4/3.4.1/3.5.0
redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.
network
low complexity
redhat CWE-74
critical
9.1
2017-09-20 CVE-2015-4075 Injection vulnerability in Helpdeskpro Helpdesk PRO 1.1.1/1.2.0/1.3.0
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.
network
high complexity
helpdeskpro CWE-74
8.1
2017-09-12 CVE-2017-14397 Injection vulnerability in Anydesk
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.
network
low complexity
anydesk CWE-74
critical
9.8
2017-08-29 CVE-2016-2980 Injection vulnerability in IBM Sametime
The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works.
network
low complexity
ibm CWE-74
6.3