Vulnerabilities (CVE)

Filtered by CWE-20
Total 10073 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1928 1 Tiki 1 Tikiwiki Cms\/groupware 2024-02-04 7.5 HIGH N/A
The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.
CVE-2001-0748 1 Acme Labs 1 Acme Server 2024-02-04 5.0 MEDIUM N/A
Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.
CVE-2002-2371 1 Linksys 1 Wet11 2024-02-04 7.8 HIGH N/A
Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header.
CVE-1999-0721 1 Microsoft 2 Windows 2000, Windows Nt 2024-02-04 7.8 HIGH N/A
Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.
CVE-2002-2228 1 Mailscanner 1 Mailscanner 2024-02-04 6.4 MEDIUM N/A
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner.
CVE-2001-0566 1 Cisco 1 Catalyst 2900 2024-02-04 5.0 MEDIUM N/A
Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.
CVE-2001-0509 1 Microsoft 4 Exchange Server, Sql Server, Windows 2000 and 1 more 2024-02-04 5.0 MEDIUM N/A
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
CVE-2002-2338 2 Mozilla, Netscape 3 Mozilla, Communicator, Navigator 2024-02-04 5.0 MEDIUM N/A
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
CVE-2003-1456 4 Linux, Microsoft, Mike Bobbitt and 1 more 4 Linux Kernel, All Windows, Album.pl and 1 more 2024-02-04 5.0 MEDIUM N/A
Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors.
CVE-2003-1487 1 Phorum 1 Phorum 2024-02-04 10.0 HIGH N/A
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
CVE-2002-2354 1 Netgear 1 Fm114p 2024-02-04 7.8 HIGH N/A
Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests.
CVE-2002-1175 1 Fetchmail 1 Fetchmail 2024-02-04 5.0 MEDIUM N/A
The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.
CVE-2023-40097 1 Google 1 Android 2024-02-02 N/A 7.8 HIGH
In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.