MidnightBSD

Advisories for stephen_turner

CVE-1999-1287 MEDIUM

Vulnerability in Analog 3.0 and earlier allows remote attackers to read arbitrary files via the forms interface.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
stephen_turner analog *
CVE-2001-0301 HIGH

Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
stephen_turner analog *
CVE-2002-0166 HIGH

Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
stephen_turner analog 3.90_beta1
stephen_turner analog 5.03
stephen_turner analog 5.1a
stephen_turner analog 4.02
stephen_turner analog 4.90_beta3
stephen_turner analog 4.15
stephen_turner analog 4.14
stephen_turner analog 5.0
stephen_turner analog 5.02
stephen_turner analog 4.90_beta2
stephen_turner analog 4.1
stephen_turner analog 4.01
stephen_turner analog 4.16
stephen_turner analog 4.90_beta4
stephen_turner analog 4.91_beta1
stephen_turner analog 4.03
stephen_turner analog 4.04
stephen_turner analog 4.11
stephen_turner analog 5.01
stephen_turner analog 5.2
stephen_turner analog 3.90_beta2
CVE-2002-1154 MEDIUM

anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
stephen_turner analog *