NcsaCVEs & Vulnerabilities

8 CVEs affecting Ncsa products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

myproxy 3ncsa web server 3telnet 3ncsa httpd 2campas 1servers 1
CVE-2011-0738MEDIUM

MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.

2 Feb 2011
4.3
CVSS
CVE-2005-0469HIGH

Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.

2 May 2005
7.5
CVSS
CVE-2005-0468HIGHpoc

Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.

2 May 2005
7.5
CVSS
CVE-1999-0267HIGHpoc

Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.

23 Sep 1997
7.5
CVSS
CVE-1999-0146HIGHpoc

The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.

15 Jul 1997
7.5
CVSS
CVE-1999-0067CRITICAL

phf CGI program allows remote command execution through shell metacharacters.

20 Mar 1996
10.0
CVSS
CVE-1999-0235CRITICALpoc

Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access.

17 Feb 1995
10.0
CVSS
CVE-1999-1090HIGH

The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.

10 Sep 1991
7.5
CVSS
← PrevPage 1 / 1Next →