Total
9732 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1025 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | N/A |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | |||||
CVE-2003-1441 | 1 Posadis | 1 Posadis | 2024-02-28 | 4.3 MEDIUM | N/A |
Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denial of service (crash) via a DNS message without a question section, which triggers null dereference. | |||||
CVE-2004-1386 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-28 | 7.5 HIGH | N/A |
TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200. | |||||
CVE-2002-1358 | 7 Cisco, Fissh, Intersoft and 4 more | 7 Ios, Ssh Client, Securenetterm and 4 more | 2024-02-28 | 10.0 HIGH | N/A |
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. | |||||
CVE-2003-1403 | 1 Dotbr | 1 Botbr | 2024-02-28 | 7.5 HIGH | N/A |
foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | |||||
CVE-2003-1471 | 1 Alt-n | 1 Mdaemon | 2024-02-28 | 6.3 MEDIUM | N/A |
MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number. | |||||
CVE-1999-0265 | 2 Microware, Novell | 2 Os-9, Netware | 2024-02-28 | 5.0 MEDIUM | N/A |
ICMP redirect messages may crash or lock up a host. | |||||
CVE-1999-0867 | 1 Microsoft | 3 Commercial Internet System, Internet Information Server, Site Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | |||||
CVE-1999-1547 | 1 Oracle | 1 Web Listener | 2024-02-28 | 7.5 HIGH | N/A |
Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent. | |||||
CVE-2003-1365 | 1 Perl | 1 Cgi Lite | 2024-02-28 | 5.0 MEDIUM | N/A |
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs. | |||||
CVE-2003-1402 | 1 Kietu | 1 Kietu | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015. | |||||
CVE-2002-2338 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2024-02-28 | 5.0 MEDIUM | N/A |
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | |||||
CVE-2001-0427 | 1 Cisco | 6 Vpn 3000 Concentrator, Vpn 3005 Concentrator, Vpn 3015 Concentrator and 3 more | 2024-02-28 | 7.1 HIGH | N/A |
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts. | |||||
CVE-2003-1440 | 1 Burton Computer Corporation | 1 Spamprobe | 2024-02-28 | 4.3 MEDIUM | N/A |
SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions. | |||||
CVE-2002-2354 | 1 Netgear | 1 Fm114p | 2024-02-28 | 7.8 HIGH | N/A |
Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests. | |||||
CVE-2002-1175 | 1 Fetchmail | 1 Fetchmail | 2024-02-28 | 5.0 MEDIUM | N/A |
The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary. | |||||
CVE-1999-0726 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-28 | 7.8 HIGH | N/A |
An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. | |||||
CVE-2004-1777 | 1 Skype Technologies | 1 Skype | 2024-02-28 | 5.0 MEDIUM | N/A |
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114. | |||||
CVE-2000-0400 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post. | |||||
CVE-1999-0995 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 7.8 HIGH | N/A |
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request." |