Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-07-03 | CVE-2016-5701 | Injection vulnerability in multiple products setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. | 6.1 |
2016-06-08 | CVE-2015-8800 | Injection vulnerability in Broadcom products Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access. | 7.3 |
2016-04-22 | CVE-2016-2204 | Injection vulnerability in Symantec Messaging Gateway 10.6.0 The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | 8.2 |
2016-02-12 | CVE-2016-0881 | Injection vulnerability in EMC Documentum XCP 2.1/2.2 EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request. | 6.5 |
2016-01-10 | CVE-2015-7466 | Injection vulnerability in IBM Jazz Reporting Service 6.0 Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors. | 3.1 |
2015-08-13 | CVE-2015-3253 | Injection vulnerability in multiple products The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. | 9.8 |
2015-06-09 | CVE-2015-3200 | Injection vulnerability in multiple products mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. | 7.5 |
2013-07-20 | CVE-2013-2251 | Injection vulnerability in multiple products Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. | 9.8 |