Vulnerabilities > Improper Input Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-17 | CVE-2007-3654 | Improper Input Validation vulnerability in Netbsd The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function. | 2.1 |
| 2007-09-17 | CVE-2007-4905 | Improper Input Validation vulnerability in Auracms 2.1 Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/. | 7.5 |
| 2007-09-14 | CVE-2007-4887 | Improper Input Validation vulnerability in PHP The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. | 4.3 |
| 2007-09-12 | CVE-2007-4844 | Improper Input Validation vulnerability in X-Diesel Unreal Commander 0.92Build565/0.92Build573 X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then disconnecting. | 4.3 |
| 2007-09-12 | CVE-2007-4841 | Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. | 9.3 |
| 2007-09-12 | CVE-2007-4840 | Improper Input Validation vulnerability in PHP PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. | 5.0 |
| 2007-09-12 | CVE-2007-4752 | Improper Input Validation vulnerability in Openbsd Openssh ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. | 7.5 |
| 2007-09-10 | CVE-2007-4787 | Improper Input Validation vulnerability in Sophos Scanning Engine and Sophos Anti-Virus The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection. | 5.0 |
| 2007-09-10 | CVE-2007-4784 | Improper Input Validation vulnerability in PHP The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. | 5.0 |
| 2007-09-10 | CVE-2007-4783 | Improper Input Validation vulnerability in PHP The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. | 5.0 |