| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-0839 | 10.0 |
Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter i
|
07-06-2021 - 15:56 | 31-03-2009 - 18:24 | |
| CVE-2009-2281 | 10.0 |
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a lar
|
01-06-2021 - 13:58 | 23-10-2009 - 18:30 | |
| CVE-2009-0841 | 10.0 |
Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.
|
01-06-2021 - 13:57 | 31-03-2009 - 18:24 | |
| CVE-2009-0843 | 7.8 |
The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depe
|
01-06-2021 - 13:57 | 31-03-2009 - 18:24 | |
| CVE-2009-0842 | 4.3 |
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonst
|
01-06-2021 - 13:57 | 31-03-2009 - 18:24 | |
| CVE-2009-0840 | 10.0 |
Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.
|
01-06-2021 - 13:57 | 31-03-2009 - 18:24 | |
| CVE-2009-2660 | 6.8 |
Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c)
|
17-08-2017 - 01:30 | 04-08-2009 - 16:30 | |
| CVE-2009-2940 | 7.5 |
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
|
19-12-2009 - 06:57 | 22-10-2009 - 16:30 | |
| CVE-2009-2942 | 7.5 |
The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
|
27-10-2009 - 05:27 | 22-10-2009 - 16:30 | |
| CVE-2009-3296 | 7.5 |
Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows.
|
21-10-2009 - 04:00 | 20-10-2009 - 17:30 | |
| CVE-2002-1276 | 4.3 |
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
|
05-09-2008 - 20:30 | 29-11-2002 - 05:00 | |
| CVE-2002-1132 | 5.0 |
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
|
05-09-2008 - 20:29 | 04-10-2002 - 04:00 | |
| CVE-2002-1131 | 7.5 |
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
|
05-09-2008 - 20:29 | 04-10-2002 - 04:00 |