Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-06 | CVE-2017-6031 | Injection vulnerability in Certec EDV Gmbh Atvise Scada 2.5.10 A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. | 8.8 |
| 2017-05-03 | CVE-2017-8458 | Injection vulnerability in Brave 0.12.4 Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://[email protected]/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site. | 6.5 |
| 2017-04-28 | CVE-2017-2140 | Injection vulnerability in Gaku Tablacus Explorer 17.3.30 Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory. | 8.8 |
| 2017-04-24 | CVE-2017-3547 | Injection vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). | 7.4 |
| 2017-04-13 | CVE-2016-8720 | Injection vulnerability in Moxa Awk-3131A Firmware 1.1 An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. | 4.3 |
| 2017-04-13 | CVE-2016-1155 | Injection vulnerability in Google Android HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. | 9.8 |
| 2017-04-12 | CVE-2017-7703 | Injection vulnerability in multiple products In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. | 7.5 |
| 2017-04-10 | CVE-2017-7239 | Injection vulnerability in Ninka Project Ninka Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. | 9.8 |
| 2017-04-10 | CVE-2015-8258 | Injection vulnerability in Axis Communications Firmware 5.80.3 AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." | 7.5 |
| 2017-04-10 | CVE-2015-7264 | Injection vulnerability in Proxygen Project Proxygen The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. | 9.8 |