CVE & Exploit Intelligence Database

CVE-2001-0748 1 PoC Analysis EPSS 0.12

Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.

CWE-20 Oct 18, 2001

CVE-2001-0509 EPSS 0.13

Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.

CWE-20 Sep 20, 2001

CVE-2001-0566 1 PoC Analysis EPSS 0.16

Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.

CWE-20 Aug 14, 2001

CVE-2001-0427 EPSS 0.01

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.

CWE-20 Jun 18, 2001

CVE-2000-0400 1 PoC Analysis EPSS 0.16

The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.

CWE-20 May 13, 2000

CVE-2000-0380 2 PoCs Analysis EPSS 0.85

The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.

CWE-20 Apr 26, 2000

CVE-2000-0258 7.5 HIGH EPSS 0.20

IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.

CWE-20 Apr 12, 2000

CVE-1999-0001 EPSS 0.01

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

CWE-20 Dec 30, 1999

CVE-1999-0995 EPSS 0.28

Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

CWE-20 Dec 16, 1999

CVE-1999-1547 EPSS 0.01

Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.

CWE-20 Nov 25, 1999

CVE-1999-0999 1 PoC Analysis EPSS 0.16

Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.

CWE-20 Nov 19, 1999

CVE-1999-0867 1 PoC Analysis EPSS 0.19

Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.

CWE-20 Aug 11, 1999

CVE-1999-0721 EPSS 0.19

Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.

CWE-20 Jul 20, 1999

CVE-1999-0918 3 PoCs Analysis EPSS 0.47

Denial of service in various Windows systems via malformed, fragmented IGMP packets.

CWE-20 Jul 03, 1999

CVE-1999-0726 EPSS 0.15

An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

CWE-20 Jun 30, 1999

CVE-1999-0265 EPSS 0.01

ICMP redirect messages may crash or lock up a host.

CWE-20 Jan 01, 1997