Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2007-09-10 CVE-2007-4781 Improper Input Validation vulnerability in Joomla 1.5.0Beta1/1.5.0Beta2/1.5.0Rc1
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.
network | high complexity | joomla | CWE-20 | Risk: 6.6
2007-09-10 CVE-2007-4780 Improper Input Validation vulnerability in Joomla 1.5.0Beta/1.5.0Beta2/1.5.0Rc1
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.
network | joomla | CWE-20 | Risk: 6.8
2007-09-10 CVE-2007-3912 Improper Input Validation vulnerability in Debian Debian-Goodies 0.27/0.33
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
local | low complexity | debian | CWE-20 | Risk: 7.2
2007-09-08 CVE-2007-4761 Improper Input Validation vulnerability in Matteo Barbo91 1.1
Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors.
network | low complexity | matteo | CWE-20 | Risk: 7.5
2007-09-08 CVE-2007-4757 Improper Input Validation vulnerability in PHPmytourney
PHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functions_file parameter.
network | low complexity | phpmytourney | CWE-20 | Risk: 7.5
2007-09-08 CVE-2007-4755 Improper Input Validation vulnerability in COR Entertainment Alien Arena 2007
Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client.
network | low complexity | cor-entertainment | CWE-20 | Risk: 5.0
2007-09-06 CVE-2007-4744 Improper Input Validation vulnerability in Anyinventory 1.9.1/2.0
PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter.
Risk: 6.8
2007-09-06 CVE-2007-3913 Improper Input Validation vulnerability in Gforge
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | gforge | CWE-20 | Risk: 7.5
2007-09-06 CVE-2007-4742 Improper Input Validation vulnerability in Claroline
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.
network | claroline | CWE-20 | Risk: 4.3
2007-09-06 CVE-2007-4738 Improper Input Validation vulnerability in Speedtech Stphplibrary 0.8.0
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737.
network | low complexity | speedtech | CWE-20 | Risk: 7.5