Abuse-of-functionality Vulnerabilities

| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| WordPress plugin All in One SEO Pack privilege escalation vulnerabilities | | CWE-269 | High |
| AngularJS client-side template injection | | CWE-79 | High |
| File upload XSS (Java applet) | | CWE-79 | High |
| Clickjacking: X-Frame-Options header missing | | CWE-693 | Low |
| WordPress plugin Custom Contact Forms critical vulnerability | | CWE-287 | High |
| DotNetNuke multiple vulnerabilities | CVE-2012-1030 | CWE-79 | High |
| Email header injection | | CWE-20 | High |
| Email injection | | CWE-20 | High |
| File tampering | | CWE-20 | Medium |
| Unrestricted file upload | | CWE-434 | High |
| File upload XSS | | CWE-79 | High |
| Insecure Flash embed parameter | | CWE-284 | Low |
| HTML form susceptible to spam | | CWE-20 | Medium |
| Host header attack | | CWE-20 | Medium |
| Host header attack (AcuMonitor) | | CWE-20 | High |
| HTML form found in redirect page | | CWE-287 | Low |
| HTML injection | | CWE-80 | Medium |
| Java Debug Wire Protocol remote code execution | | CWE-16 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) | | CWE-502 | High |
| Deserialization of Untrusted Data (Java Object Deserialization) | | CWE-502 | High |
| Java object deserialization of user-supplied data | | CWE-20 | Medium |
| JIRA Security Advisory 2013-02-21 | | CWE-16 | High |
| JSF ViewState client-side storage | | CWE-16 | Medium |
| JSP authentication bypass | | CWE-287 | High |
| Login page password-guessing attack | | CWE-307 | Low |
| MediaWiki chunked uploads security issue | CVE-2013-2114 | CWE-434 | High |
| MongoDB injection | | CWE-16 | High |
| Microsoft SQL Server weak password encryption vulnerability | CVE-2000-0199 | CWE-310 | Medium |
| MySQL Community Server 5.0 to 5.0.45 multiple vulnerabilities | CVE-2007-2691, CVE-2007-2692, CVE-2007-3780, CVE-2007-3781, CVE-2007-3782 | CWE-264 | Low |
| MySQL 5.1 to 5.1.18 multiple vulnerabilities | CVE-2007-2691, CVE-2007-2692, CVE-2007-2693 | CWE-264 | High |
| MySQL Community Server to 5.1.23 / 6.0.4 multiple vulnerabilities | CVE-2007-5969, CVE-2007-5970, CVE-2007-6313, CVE-2008-0226, CVE-2008-0227 | CWE-264 | High |
| MySQL buffer overflow in user-defined functions | CVE-2005-2558 | CWE-119 | High |
| MySQL Enterprise Server v.5.0.52 multiple vulnerabilities | CVE-2007-5969, CVE-2007-6303, CVE-2007-6304 | CWE-264 | High |
| MySQL server older than 3.23.36 | CVE-2001-0407 | CWE-284 | High |
| MySQL server older than 4.0.6 or 3.23.54 | CVE-2002-1373, CVE-2002-1374, CVE-2002-1375, CVE-2002-1376 | CWE-284 | High |
| MySQL server older than 4.0.21 | CVE-2004-0957 | CWE-284 | High |
| MySQL server older than 4.0.21 or 3.23.59 | CVE-2004-0835, CVE-2004-0836, CVE-2004-0837 | CWE-284 | High |
| MySQL server older than 4.0.24 or 4.1.10a | CVE-2005-0709, CVE-2005-0710, CVE-2005-0711 | CWE-284 | High |
| MySQL Community Server symlink attack vulnerability | CVE-2004-0381, CVE-2004-0388 | CWE-284 | High |
| Server-side JavaScript injection | | CWE-20 | High |
| Unrestricted file upload vulnerability in ofc_upload_image.php | CVE-2009-4140 | CWE-434 | High |
| Multiple vulnerabilities reported in Parallels Plesk Sitebuilder | | CWE-94 | High |
| PHP curl_exec() URL is controlled by user | CVE-2009-0037 | CWE-352 | Medium |
| PHP mail function ASCII control character header spoofing vulnerability | CVE-2002-0986 | CWE-20 | Medium |
| PHP object deserialization of user-supplied data | | CWE-20 | Medium |
| PHP preg_replace used on user input | | CWE-20 | Medium |
| PHP super-globals overwrite | | CWE-16 | Medium |
| PHP unserialize() used on user input | | CWE-20 | Medium |
| Python pickle serialization | | CWE-502 | High |
| Python object deserialization of user-supplied data | | CWE-20 | Medium |
| Ruby on Rails CookieStore session cookie persistence | | CWE-284 | Low |
| Rails mass assignment | | CWE-915 | High |
| HTTP redirect security bypass | | CWE-20 | High |
| Reflected file download | | CWE-20 | Medium |
| Possible relative path overwrite | | CWE-20 | Low |
| Same origin method execution (SOME) | | CWE-20 | Medium |
| SMB Administrator account without password | | CWE-16 | High |
| SMTP open mail relay | | CWE-16 | Medium |
| SMTP EXPN/VRFY verbs enabled | | CWE-16 | Medium |
| TCPDF arbitrary file read | | CWE-98 | High |
| Apache Tomcat JK connector security bypass | CVE-2007-1860 | CWE-16 | High |
| Uncontrolled format string | | CWE-134 | High |
| Unprotected phpMyAdmin interface | | CWE-16 | High |
| URL rewrite vulnerability | | CWE-436 | Medium |
| User-controllable charset | | CWE-20 | Medium |
| User-controlled form action | | CWE-20 | Medium |
| Partially user-controllable script source | | CWE-20 | Medium |
| VirtueMart access control bypass | | CWE-287 | High |
| VNC does not require authentication | | CWE-287 | High |
| RealVNC remote authentication bypass | CVE-2006-2369 | CWE-287 | High |
| webadmin.php script | | CWE-16 | High |
| WordPress MailPoet Newsletters (wysija-newsletters) unauthenticated file upload | | CWE-434 | High |
| WordPress XML-RPC authentication brute force | | CWE-521 | Medium |
| WordPress plugin WPtouch insecure nonce generation | | CWE-287 | High |
| XML external entity injection and XML injection | | CWE-611 | High |
| XML external entity injection | | CWE-611 | High |
| XML external entity injection via external file | | CWE-611 | High |
| XML external entity injection via file upload | | CWE-611 | High |
| XSLT injection | | CWE-91 | High |