Vulnerabilities > Improper Input Validation

| Date | CVE | Vulnerability title | Description | Access | Complexity | Tags | Risk |
|---|---|---|---|---|---|---|---|
| 2006-12-03 | CVE-2006-6241 | Improper Input Validation vulnerability in Telnet FTP Server Telnet FTP Server 1.0 | Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to cause a denial of service (crash) via consecutive RETR commands. | network | low | telnet-ftp-server, CWE-20 | 4.0 |
| 2006-11-29 | CVE-2006-6168 | Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware | tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email." | network | low | tiki, CWE-20 | 7.5 |
| 2006-11-21 | CVE-2006-5990 | Improper Input Validation vulnerability in VMWare Virtualcenter 1.4.1/2.0.1 | VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack. | network | high | vmware, CWE-20 | 4.0 |
| 2006-11-17 | CVE-2006-5793 | Improper Input Validation vulnerability in Greg Roelofs Libpng | The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read. | network | high | greg-roelofs, CWE-20 | 2.6 |
| 2006-11-16 | CVE-2006-5938 | Improper Input Validation vulnerability in Grisoft AVG Antivirus | Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a crafted CAB file. | network | low | grisoft, CWE-20 | critical 10.0 |
| 2006-10-27 | CVE-2006-5559 | Improper Input Validation vulnerability in Microsoft Data Access Components 2.5/2.7/2.8 | The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments. | network | | microsoft, CWE-20 | critical 9.3 |
| 2006-10-17 | CVE-2006-5313 | Improper Input Validation vulnerability in Hastymail | Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtp_message parameter. | network | low | hastymail, CWE-20 | 6.5 |
| 2006-10-12 | CVE-2006-4842 | Improper Input Validation vulnerability in multiple products | The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. | local | low | netscape, sun, CWE-20 | 3.6 |
| 2006-09-29 | CVE-2006-5084 | Improper Input Validation vulnerability in Skype Technologies Skype | Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference. | network | low | skype-technologies, CWE-20 | 7.5 |
| 2006-09-23 | CVE-2006-4936 | Improper Input Validation vulnerability in Moodle | Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors. | network | low | moodle, CWE-20 | critical 10.0 |