Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-18 | CVE-2008-0999 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference. | 7.1 |
2008-03-18 | CVE-2008-0054 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. | 6.4 |
2008-03-17 | CVE-2008-1366 | Improper Input Validation vulnerability in Trend Micro Officescan Corporate Edition Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference. | 5.0 |
2008-03-14 | CVE-2008-1337 | Improper Input Validation vulnerability in Netopia Timbuktu PRO 8.6.5 The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination) via an invalid or partial message. | 5.0 |
2008-03-14 | CVE-2008-1157 | Improper Input Validation vulnerability in Cisco Ciscoworks Internetwork Performance Monitor 2.6 Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands. | 10.0 |
2008-03-14 | CVE-2008-1118 | Improper Input Validation vulnerability in Netopia Timbuktu PRO 8.6.5 Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields. | 7.5 |
2008-03-12 | CVE-2008-1311 | Improper Input Validation vulnerability in Packettrap Pt360 Tool Suite PRO The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name. | 5.0 |
2008-03-12 | CVE-2008-1303 | Improper Input Validation vulnerability in Perforce Server The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference. | 5.0 |
2008-03-11 | CVE-2008-0116 | Improper Input Validation vulnerability in Microsoft products Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." | 9.3 |
2008-03-10 | CVE-2008-1280 | Improper Input Validation vulnerability in Acronis True Image and True Image Windows Agent Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference. | 5.0 |