The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,669 vulnerabilities with CWE-20
CVE-2004-1386
TikiWiki < 1.8.4.1 - Arbitrary PHP Script Upload via Image Upload
CVE-2004-1777
Skype < 0.98.0.28 - Denial of Service via Long Command Line Arguments or callto:// URL
CVE-2004-2533
Serv-U FTP Server 4.1 - Denial of Service via SITE CHMOD Command
CVE-2004-2592
Quake II Server - Denial of Service via Negative Array Offset in Configstrings and Baselines
CVE-2004-2596
Quake II Server - Denial of Service via Connection Slot Exhaustion
CVE-2004-2649
Eudora 6.1.0.6 - URL Obfuscation via Status Bar Character Injection
CVE-2004-2706
Gyach Enhanced < 1.0.4 - Denial of Service via Conference Packet Error Messages
CVE-2004-0244
Cisco IOS - Denial of Service via Layer 2 Frame with Inconsistent Length Values
CVE-2004-0276
monkey-project/monkey < 0.8.1 - Denial of Service via Malformed HTTP Request
CVE-2004-0840
Microsoft Windows XP 64-bit Edition - RCE
CVE-2004-1617
Lynx < 2.8.6dev.8 - Denial of Service via Large TEXTAREA COLS Value
CVE-2004-1675
Serv-U File Server 4.x-5.x - Denial of Service via STOU Command with MS-DOS Device Name
CVE-2004-1928
Tiki CMS/Groupware < 1.8.1 - Arbitrary File Upload via Image Upload Feature
CVE-2003-1569
GoAhead WebServer < 2.1.5 - Denial of Service via Device Name Path Component
CVE-2003-1568
GoAhead WebServer < 2.1.6 - Denial of Service via Invalid URL in websSafeUrl
CVE-2003-0825
Microsoft Windows Server <2003 - DoS
CVE-2003-0368
Nokia Gateway GPRS support node - DoS
CVE-2003-1025
Internet Explorer 5.01-6 SP1 - URL Spoofing via %01 Character in User@Domain Portion
CVE-2003-1003
Cisco PIX Firewall 5.x.x and <= 6.3.1 - Denial of Service via SNMPv3 Message
CVE-2003-1209
Monkey HTTP Daemon < 0.6.2 - Denial of Service via POST Request Without Content-Type Header
CVE-2003-1350
List Site Pro 2.0 - Account Hijacking via Banner URL Field Delimiter Injection
CVE-2003-1364
Aprelium Technologies Abyss Web Server 1.1.2 - Denial of Service via Empty Connection or Range Fields
CVE-2003-1365
CGI::Lite <= 2.0 - Improper Input Validation in escape_dangerous_chars
CVE-2003-1402
Kietu 2.0 and 2.3 - Remote Code Execution via hit.php url_hit Parameter
CVE-2003-1403
DotBr botbr 0.1 - Information Disclosure via foo.php3 Direct Request
Details
Vulnerabilities
12,669
Exploit Likelihood
High