Vulnerabilities > Improper Input Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2016-6603 | Improper Input Validation vulnerability in Zohocorp Webnms Framework 5.2 ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. | 9.8 |
| 2017-01-23 | CVE-2016-5119 | Improper Input Validation vulnerability in Keepass The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. | 7.5 |
| 2017-01-23 | CVE-2016-4793 | Improper Input Validation vulnerability in Cakephp The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header. | 7.5 |
| 2017-01-20 | CVE-2016-9436 | Improper Input Validation vulnerability in multiple products parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. | 6.5 |
| 2017-01-20 | CVE-2016-9435 | Improper Input Validation vulnerability in multiple products The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags. | 6.5 |
| 2017-01-20 | CVE-2014-9755 | Improper Input Validation vulnerability in Viprinet Multichannel VPN Router 300 Firmware 2013070830/2013080900 The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. | 7.5 |
| 2017-01-20 | CVE-2014-9754 | Improper Input Validation vulnerability in Viprinet Multichannel VPN Router 300 Firmware 2013070830/2013080900 The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. | 5.9 |
| 2017-01-20 | CVE-2017-2576 | Improper Input Validation vulnerability in Moodle In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. | 5.3 |
| 2017-01-19 | CVE-2016-7543 | Improper Input Validation vulnerability in multiple products Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | 8.4 |
| 2017-01-19 | CVE-2015-8212 | Improper Input Validation vulnerability in Netbsd CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program. | 9.8 |