Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-09-06 | CVE-2007-4732 | Improper Input Validation vulnerability in SUN Solaris 10.0/8.0/9.0 | Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function. | 4.9 |
2007-09-04 | CVE-2007-4664 | Improper Input Validation vulnerability in Firebirdsql Firebird | Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405. | 7.5 |
2007-09-04 | CVE-2007-3998 | Improper Input Validation vulnerability in multiple products | The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. | 5.0 |
2007-08-31 | CVE-2007-4636 | Improper Input Validation vulnerability in PHPbg 0.9.1 | Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php. | 7.5 |
2007-08-31 | CVE-2007-4635 | Improper Input Validation vulnerability in Yahoo Messenger 8.1.0.209/8.1.0.402 | Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. | 5.0 |
2007-08-31 | CVE-2007-2931 | Improper Input Validation vulnerability in Microsoft MSN Messenger and Windows Live Messenger | Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions. | 9.3 |
2007-08-31 | CVE-2007-4612 | Improper Input Validation vulnerability in Dale Mooney Contact Form | CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. | 4.3 |
2007-08-31 | CVE-2007-4467 | Improper Input Validation vulnerability in Oracle Jinitiator | Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected. | 9.3 |
2007-08-29 | CVE-2007-4221 | Improper Input Validation vulnerability in Motorola Timbuktu 8.6.3.1367 | Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests; and (3) allow remote Timbuktu servers to have an unknown impact via a malformed HELLO response, related to the Scanner component and possibly related to a malformed computer name. | 10.0 |
2007-08-28 | CVE-2007-4561 | Improper Input Validation vulnerability in Realnetworks Helix DNA Server | Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RTSP command containing multiple Require headers. | 10.0 |