Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-30 | CVE-2020-8093 | Injection vulnerability in Bitdefender Antivirus A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution | 7.8 |
| 2020-01-28 | CVE-2013-3214 | Injection vulnerability in Vtiger CRM vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. | 9.8 |
| 2020-01-28 | CVE-2013-3212 | Injection vulnerability in Vtiger CRM vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. | 8.1 |
| 2020-01-28 | CVE-2013-1437 | Injection vulnerability in multiple products Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | 9.8 |
| 2020-01-27 | CVE-2015-3154 | Injection vulnerability in Zend Framework CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email. | 6.1 |
| 2020-01-27 | CVE-2012-1496 | Injection vulnerability in Webcalendar Project Webcalendar Local file inclusion in WebCalendar before 1.2.5. | 8.8 |
| 2020-01-27 | CVE-2012-1495 | Injection vulnerability in Webcalendar Project Webcalendar install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | 9.8 |
| 2020-01-27 | CVE-2011-4558 | Injection vulnerability in Tiki Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. | 7.2 |
| 2020-01-24 | CVE-2014-4172 | Injection vulnerability in multiple products A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | 9.8 |
| 2020-01-24 | CVE-2020-5219 | Injection vulnerability in Peerigon Angular-Expressions Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. | 8.8 |