HOMEVULNERABILITIESVENDORSUniversity OF Minnesota

University OF MinnesotaCVEs & Vulnerabilities

10 CVEs affecting University OF Minnesota products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

gopherd 15gopher 3mapserver 2
CVE-2007-4629HIGH

Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.

31 Aug 2007
7.5
CVSS
CVE-2007-4542MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.

28 Aug 2007
4.3
CVSS
CVE-2005-2772HIGHpoc

Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function.

3 Sep 2005
7.5
CVSS
CVE-2005-1853HIGH

gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges.

3 Aug 2005
7.2
CVSS
CVE-2004-0560HIGH

Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow.

31 Dec 2004
7.5
CVSS
CVE-2004-0561HIGH

Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

31 Dec 2004
7.5
CVSS
CVE-2003-0805HIGHpoc

Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.

6 Oct 2003
7.5
CVSS
CVE-2002-0371HIGHpoc

Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.

3 Jul 2002
7.5
CVSS
CVE-2000-0743CRITICALpoc

Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value.

20 Oct 2000
10.0
CVSS
CVE-1999-0124CRITICAL

Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon.

9 Aug 1993
10.0
CVSS
← PrevPage 1 / 1Next →