Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-06-13 | CVE-2008-2704 | Improper Input Validation vulnerability in Novell Groupwise Messenger: Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. | 5.0 |
2008-06-13 | CVE-2008-2686 | Improper Input Validation vulnerability in Flux CMS Flux CMS: webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename. | 7.5 |
2008-06-12 | CVE-2008-2683 | Improper Input Validation vulnerability in Black ICE Barcode SDK 5.01: The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. | 9.3 |
2008-06-12 | CVE-2008-1453 | Improper Input Validation vulnerability in Microsoft Windows-Nt, Windows Vista and Windows XP: The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets. | 8.3 |
2008-06-12 | CVE-2008-1451 | Improper Input Validation vulnerability in Microsoft Windows 2000 and Windows 2003 Server: The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability." | 7.2 |
2008-06-12 | CVE-2008-1445 | Improper Input Validation vulnerability in Microsoft Windows-Nt, Windows 2003 Server and Windows XP: Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. | 7.1 |
2008-06-12 | CVE-2008-1441 | Improper Input Validation vulnerability in Microsoft products: Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability." | 5.4 |
2008-06-10 | CVE-2008-2648 | Improper Input Validation vulnerability in Mebiblio 0.4.7: Unrestricted file upload vulnerability in upload/uploader.html in meBiblio 0.4.7 allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the files/ directory. | 6.8 |
2008-06-10 | CVE-2008-1585 | Improper Input Validation vulnerability in Apple Quicktime: Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs. | 6.8 |
2008-06-10 | CVE-2008-2636 | Improper Input Validation vulnerability in Cisco Linksys Wrh54G Router 1.01.03: The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence. | 7.8 |