Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-06-28 | CVE-2015-0116 | Injection vulnerability in IBM Leads: IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the addition of links, which makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | 3.5 |
2015-06-16 | CVE-2015-3205 | Injection vulnerability in Libmimedir Project Libmimedir: libmimedir allows remote attackers to execute arbitrary code via a VCF file with two NULL bytes at the end of the file, related to "free" function calls in the "lexer's memory clean-up procedure." | 7.5 |
2015-06-09 | CVE-2015-3200 | Injection vulnerability in multiple products: mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and newline character. | 5.0 |
2015-05-25 | CVE-2015-0169 | Injection vulnerability in IBM Security SiteProtector System: IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors. | 4.0 |
2015-05-18 | CVE-2015-2704 | Injection vulnerability in Realmd Project Realmd 15.2: realmd allows remote attackers to inject arbitrary configurations into sssd.conf and smb.conf via a newline character in an LDAP response. | 5.0 |
2015-05-08 | CVE-2015-3013 | Injection vulnerability in ownCloud: ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file. | 6.0 |
2015-03-30 | CVE-2013-6501 | Injection vulnerability in PHP: The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c. | 4.6 |
2015-02-19 | CVE-2015-1592 | Injection vulnerability in multiple products: Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors. | 7.5 |
2015-02-14 | CVE-2015-0931 | Injection vulnerability in Ektron Content Management System 8.5.0/8.7.0/8.9.0: Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue. | 6.8 |
2015-02-10 | CVE-2015-1169 | Injection vulnerability in Apereo Central Authentication Service: Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication. | 7.5 |