Vulnerabilities > Improper Input Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2016-9380 | Improper Input Validation vulnerability in multiple products The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. | 7.5 |
| 2017-01-23 | CVE-2016-9379 | Improper Input Validation vulnerability in multiple products The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | 7.9 |
| 2017-01-23 | CVE-2016-6603 | Improper Input Validation vulnerability in Zohocorp Webnms Framework 5.2 ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. | 9.8 |
| 2017-01-23 | CVE-2016-5119 | Improper Input Validation vulnerability in Keepass The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. | 7.5 |
| 2017-01-23 | CVE-2016-4793 | Improper Input Validation vulnerability in Cakephp The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header. | 7.5 |
| 2017-01-20 | CVE-2016-9436 | Improper Input Validation vulnerability in multiple products parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. | 6.5 |
| 2017-01-20 | CVE-2016-9435 | Improper Input Validation vulnerability in multiple products The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags. | 6.5 |
| 2017-01-20 | CVE-2014-9755 | Improper Input Validation vulnerability in Viprinet Multichannel VPN Router 300 Firmware 2013070830/2013080900 The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. | 7.5 |
| 2017-01-20 | CVE-2014-9754 | Improper Input Validation vulnerability in Viprinet Multichannel VPN Router 300 Firmware 2013070830/2013080900 The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. | 5.9 |
| 2017-01-20 | CVE-2017-2576 | Improper Input Validation vulnerability in Moodle In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. | 5.3 |