Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-19 | CVE-2017-5636 | Injection vulnerability in Apache Nifi | In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node. | 9.8 |
2017-10-18 | CVE-2015-5227 | Injection vulnerability in Inboundnow Wordpress Landing Pages | The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter. | 8.8 |
2017-09-25 | CVE-2015-7544 | Injection vulnerability in Redhat Enterprise Virtualization Manager 3.4/3.4.1/3.5.0 | redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment. | 9.1 |
2017-09-20 | CVE-2015-4075 | Injection vulnerability in Helpdeskpro Helpdesk PRO 1.1.1/1.2.0/1.3.0 | The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task. | 8.1 |
2017-09-12 | CVE-2017-14397 | Injection vulnerability in Anydesk | AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. | 9.8 |
2017-08-29 | CVE-2016-2980 | Injection vulnerability in IBM Sametime | The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. | 6.3 |
2017-08-05 | CVE-2017-9861 | Injection vulnerability in SMA products | An issue was discovered in SMA Solar Technology products. | 9.8 |
2017-07-25 | CVE-2017-6748 | Injection vulnerability in Cisco products | A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. | 6.7 |
2017-07-18 | CVE-2017-5246 | Injection vulnerability in Biscom Secure File Transfer | Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. | 4.3 |
2017-07-17 | CVE-2017-1000052 | Injection vulnerability in Plug Project Plug | Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions. | 7.8 |