An input validation error within the web interface of Dreambox model DM500C allows for a denial of service condition.
b07f925091a95eb3ffd99e8e205d865b485e692d12f1fceebd5a4600fea29e9e
Red Hat Security Advisory 2012-1102-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN message. An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN notification message.
8d8905da6f3429379dbb0297932d8d8f8669f30ac3e8f57d9cc8c0e9d64d608f
Mandriva Linux Security Advisory 2012-104 - OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG , would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.
9f38f2c466a44dab2094051c875f326f59d70477de49fef91e359f752d0711a2
Red Hat Security Advisory 2012-1068-01 - OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
9b8cc3d6b38e2111d60fdfee4ec23c909e47ef0065bfe35afe96de8f3a189f19
This Metasploit module exploits a vulnerability in Adobe Flash Player for Linux, version 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This Metasploit module was tested against version 10.0.12.36 (10r12_36).
93d7262043fea9cda6bcae5df8301841074b655ead8497ddc9cbc8fb6a8f410c
The Drupal Fivestar module version 6.x suffers from an input validation vulnerability that allows a malicious user to improperly modify voting averages.
5e603b28ddbe1a91965a76ce7952b5d0185b5857eec6494e0a37c3d54ff9dd84
Microsoft Bing's Flash editor suffers from an input validation vulnerability that can lead to cross site scripting attacks.
7db7ba6f70e95039239d765d4aeb5b8090c822c565c7ff69ae6a471fe19d3fcc
Red Hat Security Advisory 2012-0332-01 - Samba is a suite of programs used by machines to share files, printers, and other information. An input validation flaw was found in the way Samba handled Any Batched requests. A remote, unauthenticated attacker could send a specially-crafted SMB packet to the Samba server, possibly resulting in arbitrary code execution with the privileges of the Samba server.
83217c4f85e67c38de8250edb78839110461105a09c8ced94de19612811108b2
Red Hat Security Advisory 2011-1791-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this flaw to cause Squid to crash. Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.
9462f28ff2caece7931bb6bc345528dd2407fca7d2940e8d4d8ed21ebb083998
Barracuda Archiver 650 suffers from an input validation vulnerability that allows for cross site scripting.
8311ac5b0ba1b2730a3621f198446ba2ff4e2eaa087944ee670e7d18d1053235
Barack Obama Website Service suffers from an input validation vulnerability that allows for manipulation of mails from info@barackobama.com.
aff76b30114d96a540f6ee6845fbdec7314be58af23fce558803643e14e5b451
This Metasploit module exploits an input validation error in libmod_plugin as included with VideoLAN VLC 1.1.8. All versions prior to version 1.1.9 are affected. By creating a malicious S3M file, a remote attacker could execute arbitrary code. Although other products that bundle libmodplug may be vulnerable, this module was only tested against VLC. NOTE: As of July 1st, 2010, VLC now calls SetProcessDEPPoly to permanently enable NX support on machines that support it. As such, this module is capable of bypassing DEP, but not ASLR.
e72918bb99176c250a3e97631e70871f2208d1f45b7278b1b4936f047fb968a6
A potential cross site scripting vulnerability has been identified in RSA? Adaptive Authentication (On-Premise) that could be exploited in certain circumstances. This is due to an input validation error in a Flash Shockwave file provided by the Adaptive Authentication system.
a83fabf54ed5f3331ab76f5aae6561209b00f4bf7ffb46fbdc69a206932bb910
This Metasploit module exploits a chain of vulnerabilities in the Accellion File Transfer appliance. This appliance exposes a UDP service on port 8812 that acts as a gateway to the internal communication bus. This service uses Blowfish encryption for authentication, but the appliance ships with two easy to guess default authentication keys. This Metasploit module abuses the known default encryption keys to inject a message into the communication bus. In order to execute arbitrary commands on the remote appliance, a message is injected into the bus destined for the 'matchrep' service. This service exposes a function named 'insert_plugin_meta_info' which is vulnerable to an input validation flaw in a call to system(). This provides access to the 'soggycat' user account, which has sudo privileges to run the primary admin tool as root. These two flaws are fixed in update version FTA_8_0_562.
adc6990f1cf99e26413f21f398ece6121bbb6179c5ffc9a96eea0dee3107fd02
This Metasploit module exploits an input validation error in VideoLAN VLC < 1.1.7. By creating a malicious MKV or WebM file, a remote attacker could execute arbitrary code.
089c03cdcf6cbedcf40c0da3c8c00719db381e766eff4249410bb2a906521f96
Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user's system. An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).
9dba3d0d50ecb04d6b0e88ad279009be8dcf8e519a8e80f0bd5acd274e688272
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by an input validation error when processing certain elements in a Ghost record, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
d6d6390958f92ed07b4d2c5e15709f7fef6986c9aa26a8f34895fff6fa8a4354
Miyabi CGI Tools suffers from an input validation vulnerability that allows for command execution.
3bcc4da048839b8dfd8b07d5b25add2768909fb2cea91e66166114fc924d3d10
This is a simple script that attempts to check if a CGI script suffers from an input validation command execution vulnerability.
ee39234eb7bfde6be7b06a471b85c22615c756334e75f9853f44970c002c335b
Remote unauthenticated exploitation of an input validation vulnerability in Apache Software Foundation's ActiveMQ server could allow an attacker to perform a stored or persistent cross-site scripting (XSS) attack.
a93c7b1bf48d73b062e00b4bcc020d13797e54a1c0439e6efadd535c2fdb2b1b
iDefense Security Advisory 02.23.10 - Remote exploitation of an input validation vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, as used by Adobe and potentially other vendors, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists due to improper validation of the domain used to download and execute applications from. The vulnerable code always assumes that the domain being validated is a subdomain, which can lead to a logic error when comparing the valid domain and the requested domain. iDefense has confirmed the existence of this vulnerability in getPlus version 1.5.2.35 as distributed by Adobe. The Adobe Download Manager on Windows (prior to February 23, 2010) has been confirmed vulnerable by Adobe.
d0efdc32584a23be37a59e4491447cc4ca499652cf899ad6b592297321df9b3a
Secunia Research has discovered a vulnerability in PDF-XChange Viewer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error in PDFXCview.exe when parsing certain content and can be exploited to corrupt memory via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code when a user views a malicious PDF document. Version 2.0.42.9 is affected.
36f2f06b262e07847556ef576c5b785fa57619456184ad7d88d279bc75e296b6
Secunia Research has discovered a vulnerability in IBM Tivoli Storage Manager Client, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an input validation error in the CAD service. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet via TCP. Successful exploitation allows execution of arbitrary code. IBM Tivoli Storage Manager Express Client version 5.3.6.2 is affected.
d162501f8a502894ddca76f531d423886089eb16e3f1abdd39eaa04d684d2343
Gentoo Linux Security Advisory GLSA 200909-06 - An input validation error in aMule enables remote attackers to pass arbitrary parameters to a victim's media player. Sam Hocevar discovered that the aMule preview function does not properly sanitize file names. Versions less than 2.2.5 are affected.
549bba9d231e2ec336525be367bc903eb6581d550c040ffdedb42f4970b258f3
VMware Security Advisory - An input validation flaw in the asn1_decode_generaltime function in MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
e109e18e41b40196e0d8522ebb8cb0eb6a3c6ead5745495b47f1cb7c4dec62ed
iDefense Security Advisory 05.14.09 -Local exploitation of an index validation vulnerability in Apple Inc.'s Mac OS X xnu kernel could allow an attacker to execute arbitrary code in the security context of the kernel. The Mac OS X xnu (Mach) kernel implements workqueues. This allows the kernel to schedule events to take place in a task. An input validation error exists within this implementation, which can lead to execution of arbitrary code in the kernel. Apple Inc.'s Mac OS X 10.5.2 and earlier is considered vulnerable to this issue.
ed4e7b2fc134914f7bdc9f1008e2d35746dfd1067a45e9a131b5af02148a1720