Nulllogic
Products
2- 3 CVEs
- 2 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1496 | 0.05 | — | 0.23 | Apr 2, 2003 | Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header. | |||
| CVE-2002-1497 | 0.03 | — | 0.02 | Apr 2, 2003 | Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response. | |||
| CVE-2009-2356 | 0.00 | — | 0.04 | Jul 7, 2009 | Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query. | |||
| CVE-2009-2355 | 0.00 | — | 0.01 | Jul 7, 2009 | The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service (application crash) by specifying (1) an empty string or (2) a non-numeric string when selecting a forum, related to the fmessagelist function. | |||
| CVE-2009-2354 | 0.00 | — | 0.01 | Jul 7, 2009 | SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
- CVE-2002-1496Apr 2, 2003risk 0.05cvss —epss 0.23
Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header.
- CVE-2002-1497Apr 2, 2003risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response.
- CVE-2009-2356Jul 7, 2009risk 0.00cvss —epss 0.04
Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query.
- CVE-2009-2355Jul 7, 2009risk 0.00cvss —epss 0.01
The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service (application crash) by specifying (1) an empty string or (2) a non-numeric string when selecting a forum, related to the fmessagelist function.
- CVE-2009-2354Jul 7, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter.