Oreilly
Products (3)
- 8 CVEs
- 7 CVEs
- 1 CVE
Recent CVEs (14)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-55473 | | Med | 0.40 | 6.1 | 0.00 | | Sep 2, 2025 | Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting (XSS). The vulnerability exists in the /ip.php endpoint, which processes and displays the X-Forwarded-For HTTP header without proper sanitization or output… |
| CVE-2001-0626 | | | 0.04 | — | 0.07 | | Aug 22, 2001 | O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character. |
| CVE-2000-0622 | | | 0.04 | — | 0.13 | | Jul 19, 2000 | Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter. |
| CVE-1999-0178 | | | 0.04 | — | 0.12 | | Jan 1, 1997 | Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string. |
| CVE-2001-0743 | | | 0.03 | — | 0.05 | | Oct 18, 2001 | Paging function in O'Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ' character followed by JavaScript commands. |
| CVE-2025-62236 | | | 0.00 | — | 0.00 | | Oct 23, 2025 | The Frontier Airlines website has a publicly available endpoint that validates if an email address is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks. |
| CVE-2018-12556 | | | 0.00 | — | 0.02 | | May 16, 2019 | The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any (arbitrary) key in the local keyring of the user, and does not pin the signature to the yarn release key, which allows remote attackers to… |
| CVE-2003-0456 | | | 0.00 | — | 0.03 | | Aug 18, 2003 | VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe. |
| CVE-2001-0394 | | | 0.00 | — | 0.02 | | Aug 22, 2001 | Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory. |
| CVE-2000-0769 | | | 0.00 | — | 0.01 | | Oct 20, 2000 | O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe. |
| CVE-2000-0623 | | | 0.00 | — | 0.05 | | Jul 17, 2000 | Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header. |
| CVE-2000-0066 | | | 0.00 | — | 0.02 | | Jan 13, 2000 | WebSite Pro allows remote attackers to determine the real pathname of web directories via a malformed URL request. |
| CVE-1999-1180 | | | 0.00 | — | 0.02 | | Feb 16, 1999 | O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an argument to (1) args.cmd or (2) args.bat. |
| CVE-1999-0177 | | | 0.00 | — | 0.02 | | Sep 1, 1997 | The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. |