Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-05-08 | CVE-2008-2042 | Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function. | 9.3 |
2008-05-07 | CVE-2008-2110 | Improper Input Validation vulnerability in QTO Qtofilemanager 1.0 Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request. | 7.5 |
2008-05-07 | CVE-2008-2106 | Improper Input Validation vulnerability in Activision Call of Duty 4 Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value. | 6.8 |
2008-04-30 | CVE-2008-2032 | Improper Input Validation vulnerability in Acritum Femitter Server 1.03 The FTP service in Acritum Femitter Server 1.03 allows remote attackers to cause a denial of service (crash) by sending multiple crafted RETR commands. | 5.0 |
2008-04-30 | CVE-2008-2031 | Improper Input Validation vulnerability in Vicftps 5.0 VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. | 5.0 |
2008-04-30 | CVE-2008-1738 | Improper Input Validation vulnerability in Rising-Global Rising Antivirus Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function. | 2.1 |
2008-04-30 | CVE-2008-1737 | Improper Input Validation vulnerability in Sophos Anti-Virus 7.0.5 Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function. | 6.9 |
2008-04-27 | CVE-2008-1988 | Improper Input Validation vulnerability in Encaps Encapsgallery 2.0.2 Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct request to the file in the rwx_gallery directory. | 9.0 |
2008-04-25 | CVE-2008-1942 | Improper Input Validation vulnerability in Foxit Software Reader 2.2 Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption. | 6.8 |
2008-04-22 | CVE-2008-1905 | Improper Input Validation vulnerability in Nero Mediahome and Nero NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322. | 5.0 |