Vulnerabilities (CVE)

Filtered by CWE-20
Total 10060 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-1979 1 Watchguard 3 Legacy Rssa, Soho, Vclass 2024-02-04 7.5 HIGH N/A
WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.
CVE-2001-1584 1 Michael Barretto 1 Cardboard 2024-02-04 7.5 HIGH N/A
CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field.
CVE-2004-1777 1 Skype Technologies 1 Skype 2024-02-04 5.0 MEDIUM N/A
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
CVE-2003-1419 1 Netscape 1 Navigator 2024-02-04 4.3 MEDIUM N/A
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
CVE-2003-1364 1 Aprelium Technologies 1 Abyss Web Server 2024-02-04 8.5 HIGH N/A
Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields.
CVE-2004-0244 1 Cisco 1 Ios 2024-02-04 4.7 MEDIUM N/A
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet.
CVE-2003-1003 1 Cisco 2 Pix Firewall, Pix Firewall Software 2024-02-04 7.8 HIGH N/A
Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
CVE-2004-1928 1 Tiki 1 Tikiwiki Cms\/groupware 2024-02-04 7.5 HIGH N/A
The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.
CVE-2001-0748 1 Acme Labs 1 Acme Server 2024-02-04 5.0 MEDIUM N/A
Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.
CVE-2002-2371 1 Linksys 1 Wet11 2024-02-04 7.8 HIGH N/A
Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header.
CVE-1999-0721 1 Microsoft 2 Windows 2000, Windows Nt 2024-02-04 7.8 HIGH N/A
Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.
CVE-2002-2228 1 Mailscanner 1 Mailscanner 2024-02-04 6.4 MEDIUM N/A
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner.
CVE-2001-0566 1 Cisco 1 Catalyst 2900 2024-02-04 5.0 MEDIUM N/A
Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.
CVE-2001-0509 1 Microsoft 4 Exchange Server, Sql Server, Windows 2000 and 1 more 2024-02-04 5.0 MEDIUM N/A
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
CVE-2002-2338 2 Mozilla, Netscape 3 Mozilla, Communicator, Navigator 2024-02-04 5.0 MEDIUM N/A
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
CVE-2003-1456 4 Linux, Microsoft, Mike Bobbitt and 1 more 4 Linux Kernel, All Windows, Album.pl and 1 more 2024-02-04 5.0 MEDIUM N/A
Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors.
CVE-2003-1487 1 Phorum 1 Phorum 2024-02-04 10.0 HIGH N/A
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
CVE-2002-2354 1 Netgear 1 Fm114p 2024-02-04 7.8 HIGH N/A
Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests.
CVE-2002-1175 1 Fetchmail 1 Fetchmail 2024-02-04 5.0 MEDIUM N/A
The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.
CVE-2023-40097 1 Google 1 Android 2024-02-02 N/A 7.8 HIGH
In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.