MidnightBSD

Advisories for ncsa

CVE-1999-0067 HIGH

phf CGI program allows remote command execution through shell metacharacters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
ncsa ncsa_httpd 1.5a
apache http_server 1.0.3
CVE-1999-0146 HIGH

The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ncsa servers *
ncsa campas *
CVE-1999-0235 HIGH

Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ncsa ncsa_web_server 1.3
ncsa ncsa_web_server 1.4
ncsa ncsa_web_server 1.4.1
CVE-1999-0267 HIGH

Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ncsa ncsa_httpd 1.3
CVE-1999-1090 HIGH

The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ncsa telnet *
CVE-2005-0468 HIGH

Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ncsa telnet c
CVE-2005-0469 HIGH

Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ncsa telnet *
CVE-2011-0738 MEDIUM

MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ncsa myproxy 5.0
ncsa myproxy 5.1
globus globus_toolkit 5.0.1
ncsa myproxy 5.2
globus globus_toolkit 5.0.0
globus globus_toolkit 5.0.2