Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2007-05-31 CVE-2007-2967 Improper Input Validation vulnerability in F-Secure products
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
network
low complexity
f-secure CWE-20
critical
10.0
2007-05-30 CVE-2007-2884 Improper Input Validation vulnerability in Microsoft Visual Basic 6.0
Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
network
microsoft CWE-20
critical
9.3
2007-05-18 CVE-2007-2764 Improper Input Validation vulnerability in Linux Kernel
The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors.
network
low complexity
linux brocade CWE-20
7.8
2007-05-17 CVE-2007-1693 Improper Input Validation vulnerability in Yate Yet Another Telephony Engine 1.1.0
The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter.
network
low complexity
yate CWE-20
7.8
2007-05-09 CVE-2007-2509 Improper Input Validation vulnerability in PHP
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
network
high complexity
php CWE-20
2.6
2007-05-08 CVE-2007-1202 Improper Input Validation vulnerability in Microsoft Word, Word Viewer and Works
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
network
microsoft CWE-20
6.8
2007-05-08 CVE-2007-0213 Improper Input Validation vulnerability in Microsoft Exchange Server 2000/2003/2007
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
network
low complexity
microsoft CWE-20
critical
10.0
2007-05-08 CVE-2007-0035 Improper Input Validation vulnerability in Microsoft Office and Works
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
network
microsoft CWE-20
critical
9.3
2007-04-27 CVE-2007-2322 Improper Input Validation vulnerability in Nero Mediahome and Mediahome CE
NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences.
network
low complexity
nero CWE-20
7.8
2007-04-26 CVE-2007-2292 Improper Input Validation vulnerability in multiple products
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
4.3