Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2003-12-31 | CVE-2003-1402 | Improper Input Validation vulnerability in Kietu 2.0/2.3 PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015. | 7.5 |
2003-12-31 | CVE-2003-1365 | Improper Input Validation vulnerability in Perl CGI Lite 2.0 The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs. | 5.0 |
2003-12-31 | CVE-2003-1364 | Improper Input Validation vulnerability in Aprelium Technologies Abyss web Server 1.1.2 Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields. | 8.5 |
2003-12-31 | CVE-2003-1350 | Improper Input Validation vulnerability in List Site PRO List Site PRO 2.0 List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field. | 4.3 |
2003-12-31 | CVE-2003-1209 | Improper Input Validation vulnerability in Monkey-Project Monkey The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header. | 5.0 |
2003-12-15 | CVE-2003-0795 | Improper Input Validation vulnerability in multiple products The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. | 5.0 |
2003-08-18 | CVE-2003-0567 | Improper Input Validation vulnerability in Cisco products Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full. | 7.8 |
2003-07-02 | CVE-2003-0367 | Improper Input Validation vulnerability in multiple products znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 2.1 |
2002-12-31 | CVE-2002-2423 | Improper Input Validation vulnerability in Sendmail Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response. | 6.4 |
2002-12-31 | CVE-2002-2421 | Improper Input Validation vulnerability in Andrey Cherezov Acweb 1.14 acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2. | 7.8 |