Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-04-12 | CVE-2007-1995 | Improper Input Validation vulnerability in Quagga: bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. | 6.3 |
2007-04-10 | CVE-2007-1922 | Improper Input Validation vulnerability in Nullsoft Winamp 5.33: The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption. | 9.3 |
2007-04-02 | CVE-2007-1803 | Improper Input Validation vulnerability in Maildwarf: Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses. | 5.0 |
2007-04-02 | CVE-2007-1793 | Improper Input Validation vulnerability in Symantec products: SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. | 4.9 |
2007-03-30 | CVE-2007-1349 | Improper Input Validation vulnerability in multiple products: PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. | 5.0 |
2007-03-24 | CVE-2007-1666 | Improper Input Validation vulnerability in Datarescue IDA PRO 5.0/5.1: The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions. | 10.0 |
2007-03-21 | CVE-2007-1313 | Improper Input Validation vulnerability in Netxautomation Netxeib 3.0: NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly validate OLE for Process Control (OPC) server handles, which allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors involving the (1) IOPCSyncIO::Read, (2) IOPCSyncIO::Write, (3) IOPCServer::AddGroup, (4) IOPCServer::RemoveGroup, (5) IOPCCommon::SetClientName, and (6) IOPCGroupStateMgt::CloneGroup functions, which allow access to arbitrary memory. | 7.5 |
2007-03-20 | CVE-2006-7171 | Improper Input Validation vulnerability in Koan Software Mega Mall: product_review.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x[] parameter. | 5.0 |
2007-03-16 | CVE-2007-1478 | Improper Input Validation vulnerability in Mcgallery 0.5B: download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter. | 5.0 |
2007-03-16 | CVE-2007-1476 | Improper Input Validation vulnerability in Symantec products: The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855. | 1.9 |