CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,669 vulnerabilities with CWE-20
CVE-2002-1663
Monkey HTTP Daemon < 0.5.1 - Denial of Service via Invalid Content-Length Header
CVE-2002-1874
AstroCam 0.9-1-1-1.4.0 - Remote Command Execution via Shell Metacharacters
CVE-2002-1979
WatchGuard SOHO < 5.1.6 and Vclass/RSSA < 3.2 SP1 - Firewall Rule Bypass via FTP PASV Command Injection
CVE-2002-2228
MailScanner < 3.2_6-1 - Attachment Protection Bypass via Filename Manipulation
CVE-2002-2236
apt-www-proxy 0.1 - Remote Code Execution via Format String in awp_log Function
CVE-2002-2237
tftp32 TFTP server <= 2.21 - Denial of Service via DOS Device Name GET Request
CVE-2002-2239
Cisco IOS 12.1(8)E-12.1(13.4)E - Denial of Service via Malformed Packet
CVE-2002-2314
Mozilla 1.0 - Cookie Theft via JavaScript URL with Leading Slashes and Newline
CVE-2002-2322
Ultimate PHP Board 1.0b - Unprotected User Data Exposure via Insecure users.dat File
CVE-2002-2325
Pine 4.20-4.44 - Denial of Service via Empty MIME Boundary Field
CVE-2002-2328
Windows 2000 Active Directory - Denial of Service via LDAP Page Length Zero
CVE-2002-2329
ICQ 2001b 2002a 2002b - Denial of Service via Emoticon Message
CVE-2002-2338
Mozilla and Netscape Communicator - Denial of Service via POP3 Mail Message Newline Handling
CVE-2002-2354
Netgear FM114P - Denial of Service via TCP Connection Flood
CVE-2002-2365
Simple WAIS 1.11 - Remote Command Execution via Search Field
CVE-2002-2371
Linksys WET11 1.31-1.32 - Denial of Service via Spoofed Source MAC Address
CVE-2002-2393
Serv-U File Server 3.0-4.0.0.4 - Denial of Service via MKD Command
CVE-2002-2406
LiteServe 2.0-2.0.2 - Denial of Service via Percent Character Overflow in HTTP GET Request
CVE-2002-2415
Allied Telesyn AT-8024 and Rapier 24 - Authenticated Denial of Service via UDP Null Byte Stream
CVE-2002-2420
Super Site Searcher - Remote Command Execution via Page Parameter
CVE-2002-2421
acWEB 1.14 - Denial of Service via MS-DOS Device Name Request
CVE-2002-2423
Sendmail 8.12.0-8.12.6 - Remote Log Truncation via Long IDENT Response
CVE-2002-1358
Cisco IOS - Denial of Service via Malformed SSH2 Packet Lists
CVE-2002-1359
Cisco IOS - Denial of Service via Large SSH Packet Handling
CVE-2002-1360
Multiple SSH2 Servers/Clients - DoS/Code Injection
Details
Vulnerabilities 12,669
Exploit Likelihood High