Total
10073 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1425 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 10.0 HIGH | N/A |
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter. | |||||
CVE-2002-1358 | 7 Cisco, Fissh, Intersoft and 4 more | 7 Ios, Ssh Client, Securenetterm and 4 more | 2024-02-04 | 10.0 HIGH | N/A |
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. | |||||
CVE-2003-1365 | 1 Perl | 1 Cgi Lite | 2024-02-04 | 5.0 MEDIUM | N/A |
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs. | |||||
CVE-2003-0567 | 1 Cisco | 3 Ios, Ons 15454 Optical Transport Platform, Optical Networking Systems Software | 2024-02-04 | 7.8 HIGH | N/A |
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full. | |||||
CVE-2003-1350 | 1 List Site Pro | 1 List Site Pro | 2024-02-04 | 4.3 MEDIUM | N/A |
List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field. | |||||
CVE-2004-0840 | 1 Microsoft | 3 Exchange Server, Windows Server 2003, Windows Xp | 2024-02-04 | 10.0 HIGH | N/A |
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. | |||||
CVE-2002-2420 | 1 Independent Solution | 2 Simple Site Searcher, Super Site Searcher | 2024-02-04 | 7.5 HIGH | N/A |
site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | |||||
CVE-1999-0995 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 7.8 HIGH | N/A |
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request." | |||||
CVE-2004-1386 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-04 | 7.5 HIGH | N/A |
TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200. | |||||
CVE-2003-1025 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 4.3 MEDIUM | N/A |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | |||||
CVE-2004-1617 | 1 University Of Kansas | 1 Lynx | 2024-02-04 | 5.0 MEDIUM | N/A |
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value. | |||||
CVE-2003-1485 | 1 Clearswift | 1 Mailsweeper | 2024-02-04 | 5.0 MEDIUM | N/A |
Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space." | |||||
CVE-2002-2406 | 1 Perception | 1 Liteserve | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request. | |||||
CVE-2002-1979 | 1 Watchguard | 3 Legacy Rssa, Soho, Vclass | 2024-02-04 | 7.5 HIGH | N/A |
WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server. | |||||
CVE-2001-1584 | 1 Michael Barretto | 1 Cardboard | 2024-02-04 | 7.5 HIGH | N/A |
CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field. | |||||
CVE-2004-1777 | 1 Skype Technologies | 1 Skype | 2024-02-04 | 5.0 MEDIUM | N/A |
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114. | |||||
CVE-2003-1419 | 1 Netscape | 1 Navigator | 2024-02-04 | 4.3 MEDIUM | N/A |
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function. | |||||
CVE-2003-1364 | 1 Aprelium Technologies | 1 Abyss Web Server | 2024-02-04 | 8.5 HIGH | N/A |
Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields. | |||||
CVE-2004-0244 | 1 Cisco | 1 Ios | 2024-02-04 | 4.7 MEDIUM | N/A |
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet. | |||||
CVE-2003-1003 | 1 Cisco | 2 Pix Firewall, Pix Firewall Software | 2024-02-04 | 7.8 HIGH | N/A |
Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. |