Vulnerabilities (CVE)

Filtered by CWE-20
Total 10018 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0367 2 Debian, Gnu 2 Debian Linux, Gzip 2024-02-04 2.1 LOW N/A
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-1999-0867 1 Microsoft 3 Commercial Internet System, Internet Information Server, Site Server 2024-02-04 5.0 MEDIUM N/A
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
CVE-1999-0918 1 Microsoft 4 Windows 2000, Windows 95, Windows 98 and 1 more 2024-02-04 7.8 HIGH N/A
Denial of service in various Windows systems via malformed, fragmented IGMP packets.
CVE-1999-0265 2 Microware, Novell 2 Os-9, Netware 2024-02-04 5.0 MEDIUM N/A
ICMP redirect messages may crash or lock up a host.
CVE-2002-2421 1 Andrey Cherezov 1 Acweb 2024-02-04 7.8 HIGH N/A
acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2.
CVE-2003-1425 1 Cpanel 1 Cpanel 2024-02-04 10.0 HIGH N/A
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
CVE-2002-1358 7 Cisco, Fissh, Intersoft and 4 more 7 Ios, Ssh Client, Securenetterm and 4 more 2024-02-04 10.0 HIGH N/A
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2003-1365 1 Perl 1 Cgi Lite 2024-02-04 5.0 MEDIUM N/A
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs.
CVE-2003-0567 1 Cisco 3 Ios, Ons 15454 Optical Transport Platform, Optical Networking Systems Software 2024-02-04 7.8 HIGH N/A
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
CVE-2003-1350 1 List Site Pro 1 List Site Pro 2024-02-04 4.3 MEDIUM N/A
List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field.
CVE-2004-0840 1 Microsoft 3 Exchange Server, Windows Server 2003, Windows Xp 2024-02-04 10.0 HIGH N/A
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
CVE-2002-2420 1 Independent Solution 2 Simple Site Searcher, Super Site Searcher 2024-02-04 7.5 HIGH N/A
site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
CVE-1999-0995 1 Microsoft 1 Windows Nt 2024-02-04 7.8 HIGH N/A
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."
CVE-2004-1386 1 Tiki 1 Tikiwiki Cms\/groupware 2024-02-04 7.5 HIGH N/A
TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.
CVE-2003-1025 1 Microsoft 1 Internet Explorer 2024-02-04 4.3 MEDIUM N/A
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
CVE-2004-1617 1 University Of Kansas 1 Lynx 2024-02-04 5.0 MEDIUM N/A
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
CVE-2003-1485 1 Clearswift 1 Mailsweeper 2024-02-04 5.0 MEDIUM N/A
Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space."
CVE-2002-2406 1 Perception 1 Liteserve 2024-02-04 5.0 MEDIUM N/A
Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request.
CVE-2002-1979 1 Watchguard 3 Legacy Rssa, Soho, Vclass 2024-02-04 7.5 HIGH N/A
WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.
CVE-2001-1584 1 Michael Barretto 1 Cardboard 2024-02-04 7.5 HIGH N/A
CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field.