Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Tags | Risk |
|---|---|---|---|---|---|---|---|
| 2016-07-03 | CVE-2016-5701 | Injection vulnerability in multiple products | setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. | network | low | phpmyadmin, opensuse, CWE-74 | 6.1 |
| 2016-06-08 | CVE-2015-8800 | Injection vulnerability in Broadcom products | Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access. | network | low | broadcom, CWE-74 | 7.3 |
| 2016-04-22 | CVE-2016-2204 | Injection vulnerability in Symantec Messaging Gateway 10.6.0 | The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | local | low | symantec, CWE-74 | 8.2 |
| 2016-02-12 | CVE-2016-0881 | Injection vulnerability in EMC Documentum XCP 2.1/2.2 | EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request. | network | low | emc, CWE-74 | 6.5 |
| 2016-01-10 | CVE-2015-7466 | Injection vulnerability in IBM Jazz Reporting Service 6.0 | Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors. | network | high | ibm, CWE-74 | 3.1 |
| 2015-08-13 | CVE-2015-3253 | Injection vulnerability in multiple products | The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. | network | low | apache, oracle, CWE-74 | 9.8 (critical) |
| 2015-06-09 | CVE-2015-3200 | Injection vulnerability in multiple products | mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. | network | low | lighttpd, hp, oracle, CWE-74 | 7.5 |
| 2013-07-20 | CVE-2013-2251 | Injection vulnerability in multiple products | Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. | network | low | apache, fujitsu, oracle, CWE-74 | 9.8 (critical) |