Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-23 | CVE-2006-4936 | Improper Input Validation vulnerability in Moodle Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors. | 10.0 |
2006-09-23 | CVE-2006-4935 | Improper Input Validation vulnerability in Moodle The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors. | 10.0 |
2006-09-05 | CVE-2006-4541 | Improper Input Validation vulnerability in ISS Blackice PC Protection RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. | 4.6 |
2006-08-31 | CVE-2006-4468 | Improper Input Validation vulnerability in Joomla Joomla! Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module. | 6.8 |
2006-08-31 | CVE-2006-4466 | Improper Input Validation vulnerability in Joomla 1.0.9 Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. | 5.0 |
2006-08-23 | CVE-2006-4310 | Improper Input Validation vulnerability in Mozilla Firefox 1.5.0.6 Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI. | 4.3 |
2006-08-23 | CVE-2006-4301 | Improper Input Validation vulnerability in Microsoft IE 6.0 Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1. | 5.0 |
2006-08-18 | CVE-2006-4227 | Improper Input Validation vulnerability in multiple products MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. | 6.5 |
2006-08-08 | CVE-2006-3451 | Improper Input Validation vulnerability in Microsoft IE 5.0/6 Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2006-08-08 | CVE-2006-3450 | Improper Input Validation vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file. | 7.5 |