OreillyCVEs & Vulnerabilities

10 CVEs affecting Oreilly products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

website professional 9website pro 5website 2oreilly website 1webboard 1
CVE-2001-0743MEDIUMpoc

Paging function in O'Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ' character followed by JavaScript commands.

18 Oct 2001
5.0
CVSS
CVE-2001-0394MEDIUM

Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.

22 Aug 2001
5.0
CVSS
CVE-2001-0626HIGHpoc

O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.

22 Aug 2001
7.5
CVSS
CVE-2000-0769HIGH

O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe.

20 Oct 2000
7.5
CVSS
CVE-2000-0622CRITICALpoc

Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.

19 Jul 2000
10.0
CVSS
CVE-2000-0623CRITICAL

Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header.

17 Jul 2000
10.0
CVSS
CVE-2000-0066MEDIUM

WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request.

13 Jan 2000
5.0
CVSS
CVE-1999-1180MEDIUM

O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an argument to (1) args.cmd or (2) args.bat.

16 Feb 1999
5.0
CVSS
CVE-1999-0177HIGH

The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs.

1 Sep 1997
7.5
CVSS
CVE-1999-0178HIGHpoc

Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string.

1 Jan 1997
7.5
CVSS
← PrevPage 1 / 1Next →