Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-04-21 | CVE-2008-1898 | Improper Input Validation vulnerability in Microsoft Office and Works: A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. | 9.3 |
2008-04-18 | CVE-2008-1734 | Improper Input Validation vulnerability in Gentoo PHP Toolkit 1.0: Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server. | 3.6 |
2008-04-18 | CVE-2008-1693 | Improper Input Validation vulnerability in Poppler: The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object. | 6.8 |
2008-04-17 | CVE-2008-1862 | Improper Input Validation vulnerability in Exbb Italia: ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. | 6.8 |
2008-04-16 | CVE-2008-1856 | Improper Input Validation vulnerability in Linpha: plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration. | 5.1 |
2008-04-16 | CVE-2008-0892 | Improper Input Validation vulnerability in Redhat Directory Server and Fedora Directory Server: The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands. | 9.0 |
2008-04-16 | CVE-2008-1835 | Improper Input Validation vulnerability in Clam Anti-Virus Clamav: ClamAV before 0.93 allows remote attackers to bypass the scanning engine via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by WinRAR. | 5.0 |
2008-04-15 | CVE-2008-1785 | Improper Input Validation vulnerability in Prozilla TOP 100 1.2: delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter. | 5.5 |
2008-04-10 | CVE-2008-1722 | Improper Input Validation vulnerability in Cups 1.3: Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image. | 4.3 |
2008-04-08 | CVE-2008-1702 | Improper Input Validation vulnerability in E107 MY Gallery 2.3: Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. | 4.3 |