Vulnerabilities > Improper Input Validation

DATE | CVE | VULNERABILITY TITLE | RISK

2008-03-10 | CVE-2008-1279 | Improper Input Validation vulnerability in Acronis True Image | 5.0
Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read.
network | low complexity | acronis CWE-20

2008-03-10 | CVE-2008-1278 | Improper Input Validation vulnerability in Remotelyanywhere | 5.0
The RemotelyAnywhere.exe service in the Remotely Anywhere Server and Workstation 8.0.668 and earlier allows remote attackers to cause a denial of service (crash) via an invalid Accept-Charset header, which triggers a NULL pointer dereference.
network | low complexity | remotelyanywhere CWE-20

2008-03-10 | CVE-2008-1277 | Improper Input Validation vulnerability in Mailenable Enterprise and Mailenable Professional | critical 9.0
The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference.
network | low complexity | mailenable CWE-20

2008-03-10 | CVE-2008-1265 | Improper Input Validation vulnerability in Linksys Wrt54G | 7.8
The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface.
network | low complexity | linksys CWE-20

2008-03-10 | CVE-2008-1249 | Improper Input Validation vulnerability in Snom 320 SIP Phone | critical 9.4
snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service (application crash and corruption of call logs) via a "'); (double quote, quote, close parenthesis, semicolon) sequence in the "Call a number" field.
network | low complexity | snom CWE-20

2008-03-10 | CVE-2008-1245 | Improper Input Validation vulnerability in Belkin F5D7230-4 | 7.8
cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header.
network | low complexity | belkin CWE-20

2008-03-09 | CVE-2008-1216 | Improper Input Validation vulnerability in IBM Lotus Quickr Server 8.0 | 6.8
IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element.
network | ibm CWE-20

2008-03-04 | CVE-2008-1136 | Improper Input Validation vulnerability in Synce 0.10.0/0.92 | critical 9.3
The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.
network | synce CWE-20

2008-03-03 | CVE-2008-1114 | Improper Input Validation vulnerability in Vocera Wireless Handset | 4.3
Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
network | vocera CWE-20

2008-02-29 | CVE-2007-6017 | Improper Input Validation vulnerability in Symantec Backup Exec for Windows Server 11D/12.0 | 5.1
The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method, which allows remote attackers to cause a denial of service (browser crash), or create or overwrite arbitrary files, via string values of the (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, and (19) _MonthText11 properties.
network | high complexity | symantec CWE-20