Vulnerabilities (CVE)

Filtered by CWE-20
Total 10018 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-2236 1 Apt-www-proxy 1 Apt-www-proxy 2024-02-04 10.0 HIGH N/A
Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code.
CVE-2002-2325 1 University Of Washington 1 Pine 2024-02-04 7.8 HIGH N/A
The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field.
CVE-2003-1443 1 Kaspersky Lab 1 Kaspersky Anti-virus 2024-02-04 4.4 MEDIUM N/A
Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com.
CVE-2002-2415 1 Alliedtelesyn 2 At-8024, Rapier 24 2024-02-04 6.8 MEDIUM N/A
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.
CVE-2003-0368 1 Nokia 1 Ggsn 2024-02-04 5.0 MEDIUM N/A
Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option.
CVE-2002-1874 1 Astrocam 1 Astrocam 2024-02-04 10.0 HIGH N/A
astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect.
CVE-2003-1405 1 Dotbr 1 Botbr 2024-02-04 7.5 HIGH N/A
DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3.
CVE-2004-1675 1 Solarwinds 1 Serv-u File Server 2024-02-04 5.0 MEDIUM N/A
Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.
CVE-2002-2322 1 Ultimate Php Board 1 Ultimate Php Board 2024-02-04 5.0 MEDIUM N/A
Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords.
CVE-2003-0795 3 Gnu, Quagga, Sgi 3 Zebra, Quagga, Propack 2024-02-04 5.0 MEDIUM N/A
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
CVE-1999-1547 1 Oracle 1 Web Listener 2024-02-04 7.5 HIGH N/A
Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.
CVE-2002-2365 1 Springer Verlag Berlin Heidelberg 1 Simple Wais 2024-02-04 10.0 HIGH N/A
Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.
CVE-2002-0146 1 Fetchmail 1 Fetchmail 2024-02-04 5.0 MEDIUM N/A
fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.
CVE-2002-1360 7 Cisco, Fissh, Intersoft and 4 more 7 Ios, Ssh Client, Securenetterm and 4 more 2024-02-04 10.0 HIGH N/A
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2003-1471 1 Alt-n 1 Mdaemon 2024-02-04 6.3 MEDIUM N/A
MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number.
CVE-2002-2328 1 Microsoft 1 Windows 2000 2024-02-04 7.1 HIGH N/A
Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request.
CVE-2002-1663 1 Monkey-project 1 Monkey 2024-02-04 5.0 MEDIUM N/A
The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value.
CVE-2003-1444 1 Kaspersky Lab 1 Kaspersky Anti-virus 2024-02-04 4.4 MEDIUM N/A
Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname.
CVE-2001-0427 1 Cisco 6 Vpn 3000 Concentrator, Vpn 3005 Concentrator, Vpn 3015 Concentrator and 3 more 2024-02-04 7.1 HIGH N/A
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.
CVE-2003-1450 1 Bitchx 1 Bitchx 2024-02-04 5.0 MEDIUM N/A
BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.