Vulnerabilities > Improper Input Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-10-27 | CVE-2005-3330 | Improper Input Validation vulnerability in Snoopy 1.2 The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function. | 7.5 |
| 2005-10-12 | CVE-2005-3183 | Improper Input Validation vulnerability in W3C Libwww The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read. | 4.3 |
| 2005-09-26 | CVE-2005-3055 | Improper Input Validation vulnerability in multiple products Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference. | 2.1 |
| 2005-09-06 | CVE-2005-2806 | Improper Input Validation vulnerability in Trevor Hogan Bnbt 7.5Betarelease2/7.5Betarelease3/7.720041027R3 client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows remote attackers to cause a denial of service (application hang) via an HTTP header containing only a ":" (colon), possibly leading to an integer signedness error due to a missing field name or value. | 5.0 |
| 2005-08-01 | CVE-2005-2405 | Improper Input Validation vulnerability in Opera Browser 8.01 Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code. | 5.0 |
| 2005-07-11 | CVE-2005-2177 | Improper Input Validation vulnerability in Net-Snmp Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop. | 5.0 |
| 2005-05-27 | CVE-2005-1795 | Improper Input Validation vulnerability in Clam Anti-Virus Clamav The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked. | 7.5 |
| 2005-05-27 | CVE-2005-1787 | Improper Input Validation vulnerability in PHPstat setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable. | 7.5 |
| 2005-05-04 | CVE-2005-1330 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception. | 4.9 |
| 2005-05-03 | CVE-2005-1398 | Improper Input Validation vulnerability in PHPcart 3.2/3.4/4.6.4 phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. | 5.0 |