Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK

2008-06-06 CVE-2008-2574 Improper Input Validation vulnerability in FlashBlog 0.31
Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/.
network
low complexity
flashblog CWE-20
7.5

2008-06-06 CVE-2008-2545 Improper Input Validation vulnerability in Skype Technologies Skype
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
network
skype-technologies CWE-20
critical
9.3

2008-06-06 CVE-2008-1805 Improper Input Validation vulnerability in Skype Technologies Skype
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.
network
skype-technologies CWE-20
critical
9.3

2008-06-05 CVE-2007-5671 Improper Input Validation vulnerability in VMware products
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
local
vmware CWE-20
4.4

2008-06-04 CVE-2008-2405 Improper Input Validation vulnerability in Sun Java Active Server Pages 4.0.0/4.0.1
Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.
network
low complexity
sun CWE-20
7.5

2008-06-04 CVE-2008-2401 Improper Input Validation vulnerability in Sun Java Active Server 4.0.2
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications.
network
low complexity
sun CWE-20
7.5

2008-06-04 CVE-2008-2119 Improper Input Validation vulnerability in Asterisk Business Edition and Open Source
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
network
asterisk CWE-20
4.3

2008-06-02 CVE-2008-1030 Improper Input Validation vulnerability in Apple Mac OS X and Mac OS X Server
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.
network
low complexity
apple CWE-20
critical
10.0

2008-06-02 CVE-2008-1028 Improper Input Validation vulnerability in Apple Mac OS X and Mac OS X Server
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.
network
apple CWE-20
critical
9.3

2008-05-29 CVE-2008-2157 Improper Input Validation vulnerability in EMC Corporation AlphaStor 3.1 SP1
robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.
network
low complexity
emc-corporation CWE-20
critical
10.0