Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-02 | CVE-2006-7070 | Improper Input Validation vulnerability in Etomite 0.6<br>Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function. | 7.5 |
2007-02-26 | CVE-2007-1097 | Improper Input Validation vulnerability in Wiclear<br>Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. | 10.0 |
2007-02-13 | CVE-2007-0908 | Improper Input Validation vulnerability in multiple products<br>The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable. | 5.0 |
2007-02-13 | CVE-2007-0208 | Improper Input Validation vulnerability in Microsoft products<br>Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. | 9.3 |
2007-02-08 | CVE-2006-6979 | Improper Input Validation vulnerability in Amarok<br>The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters. | 7.5 |
2007-02-08 | CVE-2006-2220 | Improper Input Validation vulnerability in PHPbb 2.0.20<br>phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message. | 5.0 |
2007-02-08 | CVE-2006-2219 | Improper Input Validation vulnerability in PHPbb Group PHPbb 2.0.20<br>phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message. | 5.0 |
2007-02-07 | CVE-2007-0802 | Improper Input Validation vulnerability in multiple products<br>Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. | 6.4 |
2007-02-03 | CVE-2007-0683 | Improper Input Validation vulnerability in Omegaboard Project Omegaboard 1.0<br>PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2007-01-29 | CVE-2006-6956 | Improper Input Validation vulnerability in Microsoft Internet Explorer<br>Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | 4.3 |