Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-24 | CVE-2017-3547 | Injection vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). | 7.4 |
2017-04-13 | CVE-2016-8720 | Injection vulnerability in Moxa Awk-3131A Firmware 1.1 An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. | 4.3 |
2017-04-13 | CVE-2016-1155 | Injection vulnerability in Google Android HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. | 9.8 |
2017-04-12 | CVE-2017-7703 | Injection vulnerability in multiple products In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. | 7.5 |
2017-04-10 | CVE-2017-7239 | Injection vulnerability in Ninka Project Ninka Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. | 9.8 |
2017-04-10 | CVE-2015-8258 | Injection vulnerability in Axis Communications Firmware 5.80.3 AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." | 7.5 |
2017-04-10 | CVE-2015-7264 | Injection vulnerability in Proxygen Project Proxygen The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. | 9.8 |
2017-03-22 | CVE-2017-6971 | Injection vulnerability in multiple products AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. | 8.8 |
2017-03-17 | CVE-2017-0154 | Injection vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability." | 4.4 |
2017-02-22 | CVE-2017-5585 | Injection vulnerability in Opentext Documentum Content Server 7.3 OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. | 8.8 |