6734 matches found

Prion
added 2018/01/05 8:29 a.m. | 20 views

Input validation

An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash...

CVSS 5 | AI score 7.8 | EPSS 0.02079
Exploits 0 | References 2 | Affected Software 1

OSV
added 2018/01/05 8:29 a.m. | 2 views

CVE-2017-16753

An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash...

CVSS 7.5 | AI score 5.8 | EPSS 0.02079
Exploits 0 | References 2

CVE
added 2018/01/05 8:0 a.m. | 47 views

CVE-2017-16753

CVE-2017-16753 is an improper input validation vulnerability affecting Advantech WebAccess before 8.3. WebAccess may crash due to certain inputs; CVSSv3Base 5.0 (N/A for confidentiality/integrity, Availability High) with network access and low attack complexity. ICS-CERT/NCCIC advisories (ICSA-18...

CVSS 7.5 | AI score 7.8 | EPSS 0.02079
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2017/12/21 12:0 a.m. | 4 views

Foxit Reader JPEG2000 Image Parsing Process Information Disclosure Vulnerability

Foxit Reader is a PDF document reader from China's Foxit Software Corporation. An information disclosure vulnerability exists in the JPEG2000 image parsing process in Foxit Reader version 8.3.2.25013, which results from the program failing to properly validate user-submitted data. The...

CVSS 6.5 | AI score 6.1 | EPSS 0.02456
Exploits 0 | References 1

ICS
added 2017/12/05 12:0 a.m. | 63 views

Siemens Industrial Products (Update A)

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-339-01 Siemens Industrial Products that w...

CVSS 8.7 | AI score 0.7 | EPSS 0.03315
Exploits 0 | References 36

ICS
added 2017/12/05 12:0 a.m. | 34 views

Siemens Industrial Products (Update C)

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01B Siemens Industrial Products that w...

CVSS 8.7 | AI score 7.3 | EPSS 0.03315
Exploits 0 | References 42

Japan Vulnerability Notes
added 2017/12/01 7:17 a.m. | 3 views

Multiple vulnerabilities in multiple Buffalo broadband routers

Overview BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2017-10896 Improper Input Validation CWE-20 - CVE-2017-10897 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions,...

CVSS 6.1 | AI score 6.5 | EPSS 0.00713
Exploits 0 | References 8

Japan Vulnerability Notes
added 2017/12/01 12:0 a.m. | 81 views

JVN#65994435: Multiple vulnerabilities in multiple Buffalo broadband routers

BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2017-10896 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

CVSS 6.1 | AI score 5.6 | EPSS 0.00713
Exploits 0

ICS
added 2017/11/23 12:0 a.m. | 94 views

Siemens Industrial Products (Update S)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Remotely exploitable/low attack complexity Vendor : Siemens Equipment : Industrial Products Vulnerability : Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-17-339-01 Siemens...

CVSS 8.7 | AI score 7.4 | EPSS 0.03315
Exploits 0 | References 12

OSV
added 2017/11/06 10:29 p.m. | 2 views

CVE-2017-14025

An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to retrie...

CVSS 5.5 | AI score 5.7 | EPSS 0.00391
Exploits 0 | References 2

NVD
added 2017/11/06 10:29 p.m. | 16 views

CVE-2017-14025

An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to retrie...

CVSS 5.5 | AI score 5.3 | EPSS 0.00391
Exploits 0 | References 2

CVE
added 2017/11/06 10:0 p.m. | 56 views

CVE-2017-14025

ABB FOX515T release 1.0 is affected by CVE-2017-14025, an improper input validation vulnerability that lets a local attacker supply a malicious parameter to a script not validated by the application, enabling retrieval of arbitrary files on the server. Impact is local and authenticated? The provi...

CVSS 5.5 | AI score 5.3 | EPSS 0.00391
Exploits 0 | References 2 | Affected Software 1

ICS
added 2017/10/31 12:0 a.m. | 43 views

ABB FOX515T

CVSS v3 6.2 ATTENTION: Low skill level to exploit. Vendor: ABB Equipment: FOX515T Vulnerability: Improper Input Validation AFFECTED PRODUCTS The following versions of FOX515T, a communication interface, are affected: FOX515T release 1.0 IMPACT Successful exploitation of this vulnerability could...

CVSS 5.5 | AI score 5.6 | EPSS 0.00391
Exploits 0 | References 3

OSV
added 2017/10/24 6:33 p.m. | 57 views

GHSA-6MQ2-37J5-W6R6 WEBrick Improper Input Validation vulnerability

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...

CVSS 7.5 | AI score 9.1 | EPSS 0.15973
Exploits 2 | References 13

OSV
added 2017/10/24 6:33 p.m. | 18 views

GHSA-CPJC-P7FC-J9XH Mail Improper Input Validation vulnerability

The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address...

CVSS 6.8 | AI score 7.3 | EPSS 0.02706
Exploits 0 | References 7

Github Security Blog
added 2017/10/24 6:33 p.m. | 31 views

Puppet Improper Input Validation vulnerability

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...

CVSS 7.5 | AI score 7.9 | EPSS 0.04558
Exploits 0 | References 10 | Affected Software 1

Github Security Blog
added 2017/10/24 6:33 p.m. | 29 views

activesupport Improper Input Validation vulnerability

The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to...

CVSS 5.8 | AI score 5 | EPSS 0.02054
Exploits 1 | References 10 | Affected Software 1

Github Security Blog
added 2017/10/24 6:33 p.m. | 30 views

Spree Improper Input Validation vulnerability

Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to...

CVSS 4.3 | AI score 7 | EPSS 0.01531
Exploits 1 | References 8 | Affected Software 1

Github Security Blog
added 2017/10/24 6:33 p.m. | 56 views

actionpack Improper Input Validation vulnerability

actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching...

CVSS 5 | AI score 6.2 | EPSS 0.207
Exploits 2 | References 18 | Affected Software 1

Github Security Blog
added 2017/10/24 6:33 p.m. | 62 views

Improper Input Validation in multi_xml

multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involvin...

CVSS 7.5 | AI score 5.8 | EPSS 0.03727
Exploits 21 | References 7 | Affected Software 1