Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2017-5630 | Injection vulnerability in PHP Pear 1.10.1 PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite. | 5.0 |
| 2017-01-30 | CVE-2015-2180 | Injection vulnerability in Roundcube Webmail The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. | 9.0 |
| 2017-01-23 | CVE-2016-4010 | Injection vulnerability in Magento Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. | 7.5 |
| 2017-01-20 | CVE-2016-5013 | Injection vulnerability in Moodle In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. | 5.8 |
| 2017-01-12 | CVE-2016-10131 | Injection vulnerability in Codeigniter system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. | 7.5 |
| 2016-12-14 | CVE-2016-6473 | Injection vulnerability in Cisco IOS A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. | 6.1 |
| 2016-12-10 | CVE-2016-9832 | Injection vulnerability in PWC Ace-Advanced Business Application Programming 8.10.304 PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report. | 6.5 |
| 2016-11-29 | CVE-2016-5685 | Injection vulnerability in Dell Idrac7 Firmware and Idrac8 Firmware Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | 9.0 |
| 2016-11-25 | CVE-2016-6754 | Injection vulnerability in Google Android A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. | 6.8 |
| 2016-09-12 | CVE-2016-7125 | Injection vulnerability in PHP ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. | 5.0 |