Vulnerabilities (CVE)

Filtered by CWE-20
Total 10073 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1425 1 Cpanel 1 Cpanel 2024-02-04 10.0 HIGH N/A
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
CVE-2002-1358 7 Cisco, Fissh, Intersoft and 4 more 7 Ios, Ssh Client, Securenetterm and 4 more 2024-02-04 10.0 HIGH N/A
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2003-1365 1 Perl 1 Cgi Lite 2024-02-04 5.0 MEDIUM N/A
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs.
CVE-2003-0567 1 Cisco 3 Ios, Ons 15454 Optical Transport Platform, Optical Networking Systems Software 2024-02-04 7.8 HIGH N/A
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
CVE-2003-1350 1 List Site Pro 1 List Site Pro 2024-02-04 4.3 MEDIUM N/A
List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field.
CVE-2004-0840 1 Microsoft 3 Exchange Server, Windows Server 2003, Windows Xp 2024-02-04 10.0 HIGH N/A
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
CVE-2002-2420 1 Independent Solution 2 Simple Site Searcher, Super Site Searcher 2024-02-04 7.5 HIGH N/A
site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
CVE-1999-0995 1 Microsoft 1 Windows Nt 2024-02-04 7.8 HIGH N/A
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."
CVE-2004-1386 1 Tiki 1 Tikiwiki Cms\/groupware 2024-02-04 7.5 HIGH N/A
TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.
CVE-2003-1025 1 Microsoft 1 Internet Explorer 2024-02-04 4.3 MEDIUM N/A
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
CVE-2004-1617 1 University Of Kansas 1 Lynx 2024-02-04 5.0 MEDIUM N/A
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
CVE-2003-1485 1 Clearswift 1 Mailsweeper 2024-02-04 5.0 MEDIUM N/A
Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space."
CVE-2002-2406 1 Perception 1 Liteserve 2024-02-04 5.0 MEDIUM N/A
Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request.
CVE-2002-1979 1 Watchguard 3 Legacy Rssa, Soho, Vclass 2024-02-04 7.5 HIGH N/A
WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.
CVE-2001-1584 1 Michael Barretto 1 Cardboard 2024-02-04 7.5 HIGH N/A
CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field.
CVE-2004-1777 1 Skype Technologies 1 Skype 2024-02-04 5.0 MEDIUM N/A
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
CVE-2003-1419 1 Netscape 1 Navigator 2024-02-04 4.3 MEDIUM N/A
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
CVE-2003-1364 1 Aprelium Technologies 1 Abyss Web Server 2024-02-04 8.5 HIGH N/A
Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields.
CVE-2004-0244 1 Cisco 1 Ios 2024-02-04 4.7 MEDIUM N/A
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet.
CVE-2003-1003 1 Cisco 2 Pix Firewall, Pix Firewall Software 2024-02-04 7.8 HIGH N/A
Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.