Stephen Turner : Security Vulnerabilities, CVEs,

CVE-2002-1154

anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.
Max CVSS
5.0
EPSS Score
1.04%
Published
2002-10-11
Updated
2008-09-05

CVE-2002-0166

Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
Max CVSS
7.5
EPSS Score
1.85%
Published
2002-04-22
Updated
2008-09-11

CVE-2001-0301

Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.
Max CVSS
10.0
EPSS Score
0.89%
Published
2001-05-03
Updated
2017-10-10

CVE-1999-1287

Vulnerability in Analog 3.0 and earlier allows remote attackers to read arbitrary files via the forms interface.
Max CVSS
5.0
EPSS Score
0.54%
Published
1999-12-31
Updated
2017-12-19
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close