Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-14 | CVE-2007-1441 | Improper Input Validation vulnerability in RIM Blackberry, Blackberry 8100 and Blackberry Browser The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 (Pearl) before 4.2.1 allows remote attackers to cause a denial of service (temporary functionality loss) via a long href attribute in a link in a WML page. | 4.3 |
2007-03-13 | CVE-2007-1426 | Improper Input Validation vulnerability in Astrocam The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attackers to cause a denial of service (daemon shutdown) via requests that contain a large amount of data in the "a" variable, which "fills up the message queue." | 7.8 |
2007-03-07 | CVE-2006-7160 | Improper Input Validation vulnerability in Agnitum Outpost Firewall The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions. | 4.9 |
2007-03-07 | CVE-2006-7139 | Improper Input Validation vulnerability in KDE K-Mail 1.9.1 Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations. | 2.6 |
2007-03-06 | CVE-2006-7113 | Improper Input Validation vulnerability in Planerd.Net P-News Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. | 7.5 |
2007-03-05 | CVE-2007-1277 | Improper Input Validation vulnerability in Wordpress 2.1.1 WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php. | 7.5 |
2007-03-03 | CVE-2007-1257 | Improper Input Validation vulnerability in Cisco products The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. | 10.0 |
2007-03-03 | CVE-2007-1235 | Improper Input Validation vulnerability in BJ Sintay Sitex 0.7.3 Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file. | 7.5 |
2007-03-02 | CVE-2007-1155 | Improper Input Validation vulnerability in Webspell Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. | 4.6 |
2007-03-02 | CVE-2007-1136 | Improper Input Validation vulnerability in Webmplayer index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. | 6.8 |