Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-14 | CVE-2018-7032 | Injection vulnerability in Myrepos Project Myrepos webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack. | 7.5 |
| 2018-02-07 | CVE-2018-6603 | Injection vulnerability in Promise Webpam Proe Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie. | 6.1 |
| 2018-02-06 | CVE-2018-6289 | Injection vulnerability in Kaspersky Secure Mail Gateway 1.1 Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. | 9.8 |
| 2018-02-02 | CVE-2018-6519 | Injection vulnerability in multiple products The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. | 7.5 |
| 2018-01-26 | CVE-2017-14523 | Injection vulnerability in Wondercms 2.3.1 WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. | 7.5 |
| 2018-01-23 | CVE-2017-18049 | Injection vulnerability in Silverstripe In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). | 5.5 |
| 2018-01-19 | CVE-2017-14094 | Injection vulnerability in Trendmicro Smart Protection Server A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. | 9.8 |
| 2018-01-12 | CVE-2014-7952 | Injection vulnerability in Google Android The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams. | 7.8 |
| 2018-01-04 | CVE-2017-15714 | Injection vulnerability in Apache Ofbiz 16.11.01/16.11.02/16.11.03 The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. | 9.8 |
| 2018-01-03 | CVE-2017-1000493 | Injection vulnerability in Rocket.Chat Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover | 9.8 |