Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2007-09-27 CVE-2007-3757 Improper Input Validation vulnerability in Apple Safari
Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed.
network
apple CWE-20
4.3
2007-09-27 CVE-2007-3755 Improper Input Validation vulnerability in Apple iPhone and iPhone OS
Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.
network
apple CWE-20
4.3
2007-09-27 CVE-2007-3753 Improper Input Validation vulnerability in Apple iPhone and iPhone OS
Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation.
network
low complexity
apple CWE-20
7.5
2007-09-27 CVE-2007-5130 Improper Input Validation vulnerability in Boesch-It SimpGB 1.46.02
SimpGB 1.46.02 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php or (2) a direct request to admin/trailer.php, which reveals the path in various error messages.
network
boesch-it CWE-20
4.3
2007-09-27 CVE-2007-5128 Improper Input Validation vulnerability in multiple products
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via a certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.
network
low complexity
boesch-it php CWE-20
5.0
2007-09-27 CVE-2007-5119 Improper Input Validation vulnerability in JSPWiki 2.4.103/2.5.139-beta
JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to obtain sensitive information (full path) via an invalid integer in the version parameter to the default URI under attach/Main/.
network
jspwiki CWE-20
4.3
2007-09-27 CVE-2007-4993 Improper Input Validation vulnerability in Xensource INC XEN 3.0.3
pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.
6.9
2007-09-26 CVE-2007-5095 Improper Input Validation vulnerability in Microsoft Windows Media Player 9
Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file.
network
low complexity
microsoft CWE-20
7.5
2007-09-26 CVE-2007-5086 Improper Input Validation vulnerability in Kaspersky LAB Kaspersky Anti-Virus and Kaspersky Internet Security
Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks.
local
low complexity
kaspersky-lab CWE-20
2.1
2007-09-24 CVE-2007-5066 Improper Input Validation vulnerability in Webmin
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
network
low complexity
webmin CWE-20
critical
9.0