Firstclass
by Opentext
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-2496 | 0.04 | — | 0.09 | Dec 31, 2004 | The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search. | |||
| CVE-2003-1173 | 0.03 | — | 0.03 | Dec 31, 2003 | Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory. | |||
| CVE-2007-2976 | 0.00 | — | 0.01 | Jun 1, 2007 | Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. NOTE: the provenance of this information is unknown;… | |||
| CVE-2005-1045 | 0.00 | — | 0.02 | May 2, 2005 | OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark. | |||
| CVE-2001-0631 | 0.00 | — | 0.01 | Aug 22, 2001 | Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users. |
- CVE-2004-2496Dec 31, 2004risk 0.04cvss —epss 0.09
The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search.
- CVE-2003-1173Dec 31, 2003risk 0.03cvss —epss 0.03
Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.
- CVE-2007-2976Jun 1, 2007risk 0.00cvss —epss 0.01
Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. NOTE: the provenance of this information is unknown;…
- CVE-2005-1045May 2, 2005risk 0.00cvss —epss 0.02
OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark.
- CVE-2001-0631Aug 22, 2001risk 0.00cvss —epss 0.01
Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users.