MidnightBSD

Advisories for oreilly

CVE-1999-0177 HIGH

The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oreilly website 2.0
CVE-1999-0178 HIGH

Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oreilly oreilly_website 1.1e
CVE-1999-1180 MEDIUM

O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an argument to (1) args.cmd or (2) args.bat.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oreilly website_pro 2.1
oreilly website 1.1e
oreilly website_pro 2.0
oreilly website_pro *
CVE-2000-0066 MEDIUM

WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oreilly website_professional 2.3.18
oreilly website_professional 2.4.9
CVE-2000-0622 HIGH

Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oreilly website_professional 2.3.18
oreilly website_professional 2.4.9
oreilly website_professional 2.4
CVE-2000-0623 HIGH

Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oreilly website_professional 2.3.18
oreilly website_professional 2.4.9
oreilly website_professional 2.4
CVE-2000-0769 HIGH

O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oreilly website_pro *
CVE-2001-0394 MEDIUM

Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oreilly website_pro 3.0.37
CVE-2001-0626 HIGH

O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oreilly website_professional *
CVE-2001-0743 MEDIUM

Paging function in O'Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ' character followed by JavaScript commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oreilly webboard 4.10.30