Ncsa
Products
8- 5 CVEs
- 4 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-0236 | Hig | 0.54 | 7.5 | 0.26 | Jan 1, 1997 | ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | ||
| CVE-1999-0067 | 0.07 | — | 0.87 | Mar 20, 1996 | phf CGI program allows remote command execution through shell metacharacters. | |||
| CVE-2005-0468 | 0.05 | — | 0.27 | May 2, 2005 | Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated. | |||
| CVE-1999-0749 | 0.04 | — | 0.08 | Aug 16, 1999 | Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument. | |||
| CVE-1999-0267 | 0.04 | — | 0.10 | Sep 23, 1997 | Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. | |||
| CVE-1999-0146 | 0.04 | — | 0.15 | Jul 15, 1997 | The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file. | |||
| CVE-1999-0235 | 0.04 | — | 0.07 | Feb 17, 1995 | Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. | |||
| CVE-2003-1199 | 0.03 | — | 0.02 | Mar 11, 2004 | Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL. | |||
| CVE-2020-10188 | 0.01 | — | 0.75 | Mar 6, 2020 | utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. | |||
| CVE-2005-0469 | 0.01 | — | 0.09 | May 2, 2005 | Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands. | |||
| CVE-2014-3426 | 0.00 | — | 0.00 | May 8, 2014 | NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID. | |||
| CVE-2014-3425 | 0.00 | — | 0.00 | May 8, 2014 | NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/xmosaic.pid file for every possible PID. | |||
| CVE-2011-0738 | 0.00 | — | 0.02 | Feb 2, 2011 | MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a… | |||
| CVE-2004-2481 | 0.00 | — | 0.02 | Dec 31, 2004 | MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command. | |||
| CVE-1999-0232 | 0.00 | — | 0.02 | Feb 1, 1995 | Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. | |||
| CVE-1999-1090 | 0.00 | — | 0.02 | Sep 10, 1991 | The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. |
- risk 0.54cvss 7.5epss 0.26
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
- CVE-1999-0067Mar 20, 1996risk 0.07cvss —epss 0.87
phf CGI program allows remote command execution through shell metacharacters.
- CVE-2005-0468May 2, 2005risk 0.05cvss —epss 0.27
Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.
- CVE-1999-0749Aug 16, 1999risk 0.04cvss —epss 0.08
Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.
- CVE-1999-0267Sep 23, 1997risk 0.04cvss —epss 0.10
Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.
- CVE-1999-0146Jul 15, 1997risk 0.04cvss —epss 0.15
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.
- CVE-1999-0235Feb 17, 1995risk 0.04cvss —epss 0.07
Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access.
- CVE-2003-1199Mar 11, 2004risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.
- CVE-2020-10188Mar 6, 2020risk 0.01cvss —epss 0.75
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
- CVE-2005-0469May 2, 2005risk 0.01cvss —epss 0.09
Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.
- CVE-2014-3426May 8, 2014risk 0.00cvss —epss 0.00
NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID.
- CVE-2014-3425May 8, 2014risk 0.00cvss —epss 0.00
NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/xmosaic.pid file for every possible PID.
- CVE-2011-0738Feb 2, 2011risk 0.00cvss —epss 0.02
MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a…
- CVE-2004-2481Dec 31, 2004risk 0.00cvss —epss 0.02
MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command.
- CVE-1999-0232Feb 1, 1995risk 0.00cvss —epss 0.02
Buffer overflow in NCSA WebServer (version 1.5c) gives remote access.
- CVE-1999-1090Sep 10, 1991risk 0.00cvss —epss 0.02
The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.