Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-04-24 | CVE-2017-3547 | Injection vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). | network | low complexity | oracle | CWE-74 | 7.4 |
| 2017-04-13 | CVE-2016-8720 | Injection vulnerability in Moxa Awk-3131A Firmware 1.1 | An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. | network | low complexity | moxa | CWE-74 | 4.3 |
| 2017-04-13 | CVE-2016-1155 | Injection vulnerability in Google Android | HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. | network | low complexity | google | CWE-74 | 9.8 (critical) |
| 2017-04-12 | CVE-2017-7703 | Injection vulnerability in multiple products | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. | network | low complexity | wireshark, debian | CWE-74 | 7.5 |
| 2017-04-10 | CVE-2017-7239 | Injection vulnerability in Ninka Project Ninka | Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. | network | low complexity | ninka-project | CWE-74 | 9.8 (critical) |
| 2017-04-10 | CVE-2015-8258 | Injection vulnerability in Axis Communications Firmware 5.80.3 | AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." | network | low complexity | axis | CWE-74 | 7.5 |
| 2017-04-10 | CVE-2015-7264 | Injection vulnerability in Proxygen Project Proxygen | The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. | network | low complexity | proxygen-project | CWE-74 | 9.8 (critical) |
| 2017-03-22 | CVE-2017-6971 | Injection vulnerability in multiple products | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. | network | low complexity | alienvault, nfsen | CWE-74 | 8.8 |
| 2017-03-17 | CVE-2017-0154 | Injection vulnerability in Microsoft Internet Explorer 11 | Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability." | local | low complexity | microsoft | CWE-74 | 4.4 |
| 2017-02-22 | CVE-2017-5585 | Injection vulnerability in Opentext Documentum Content Server 7.3 | OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. | network | low complexity | opentext | CWE-74 | 8.8 |