CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-2950
https://notcve.org/view.php?id=CVE-2012-2950
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information. Gateway Geomatics MapServer para Windows versiones anteriores a 3.0.6, contiene una vulnerabilidad de inclusión de archivo local que permite a atacantes remotos ejecutar código PHP local y obtener información confidencial. • http://www.securityfocus.com/bid/53737 https://exchange.xforce.ibmcloud.com/vulnerabilities/75983 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 70EXPL: 1CVE-2011-2975 – MapServer 6.0 - '.Map' File Double-Free Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-2975
Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data. Doble vulnerabilidad libre en la función msAddImageSymbol en mapsymbol.c en MapServer anterior a v6.0.1 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o tener otro impacto no especificado a través de datos mapfile manipulados. • https://www.exploit-db.com/exploits/36092 http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html http://trac.osgeo.org/mapserver/ticket/3939 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 69EXPL: 0CVE-2011-2703
https://notcve.org/view.php?id=CVE-2011-2703
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support. Múltiples vulnerabilidades de inyección SQL en MapServer anterior a v4.10.7, y v5.x anterior a v5.6.7, y v6.x anterior a v6.0.1 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores relacionados con (1) filtros codificados OGC o (2) tiempo de soporte WMS. • http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html http://secunia.com/advisories/45257 http://secunia.com/advisories/45318 http://secunia.com/advisories/45368 http://trac.osgeo.org/mapserver/ticket/3903 http://www.debian.org/security/2011/dsa-2285 http://www.openwall.com/lists/oss-security/2011/07/19/11 http://www.openwall.com/lists/oss-security/2011/07/19/14 http://www.openwall.com/lists/oss-security/2011/07/20/15 http://www.securityfocu • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 15%CPEs: 59EXPL: 0CVE-2011-2704
https://notcve.org/view.php?id=CVE-2011-2704
Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding. Desbordamiento de búfer basado en pila en MapServer anterior a v4.10.7 y v5.x anterior a v5.6.7 permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con el filtro codificado OGC. • http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html http://secunia.com/advisories/45257 http://secunia.com/advisories/45368 http://trac.osgeo.org/mapserver/ticket/3903 http://www.debian.org/security/2011/dsa-2285 http://www.openwall.com/lists/oss-security/2011/07/19/14 http://www.openwall.com/lists/oss-security/2011/07/20/15 http://www.securityfocus.com/bid/48720 https://bugzilla.redhat.com/show_bug.cgi?id=723293 https://exchange.xforce.ibmclou • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 54EXPL: 0CVE-2010-2539
https://notcve.org/view.php?id=CVE-2010-2539
Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files. Desbordamiento de búfer en la función msTmpFile en maputil.c en mapserv en MapServer en versiones anteriores a la 4.10.6 y 5.x en versiones anteriores a la 5.6.4, permite a usuarios locales provocar una denegación de servicio mediante vectores que involucran nombres de ficheros temporales. • http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html http://marc.info/?l=oss-security&m=127973381215859&w=2 http://marc.info/?l=oss-security&m=127973754121922&w=2 http://trac.osgeo.org/mapserver/ticket/3484 http://www.securityfocus.com/bid/41855 https://bugzilla.redhat.com/show_bug.cgi?id=617312 https://exchange.xforce.ibmcloud.com/vulnerabilities/60851 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •