14 matches found
CVE-2009-0840
CVE-2009-0840 affects MapServer’s mapserv CGI: a heap-based buffer overflow can be triggered by a crafted Content-Length header, enabling remote code execution. Impacted are MapServer 4.x up to 4.10.4 and 5.x up to 5.2.2. Debian/OSS advisories note an incomplete fix also affecting CVE-2009-2281 a...
CVE-2010-2540
CVE-2010-2540 affects MapServer’s mapserv CGI interface. In MapServer versions prior to 4.10.6 and 5.x prior to 5.6.4, CGI arguments intended for debugging are not properly restricted, enabling remote attackers to craft arguments and trigger an unspecified impact. Fixed in MapServer 4.10.6 and 5....
CVE-2009-0843
CVE-2009-0843 affects MapServer 4.x before 4.10.4 and 5.x before 5.2.2. The vulnerability arises from missing input validation in the queryfile parameter of the mapserv/GET request, allowing remote attackers to infer the existence of arbitrary files via differing error messages. Debia...
CVE-2009-0839
CVE-2009-0839 affects MapServer 4.x (pre-4.10.4) and 5.x (pre-5.2.2): a stack-based buffer overflow can be triggered by a crafted id parameter in a query action when a map contains a long IMAGEPATH or NAME attribute. This leads to arbitrary code execution on th...
CVE-2009-0841
MapServer’s mapserv on Windows with Cygwin is vulnerable to directory traversal via a .. in the id parameter, allowing remote creation of arbitrary files. Affected: MapServer 4.x before 4.10.4 and 5.x before 5.2.2. Several advisories (e.g., Debian DSA-1914-1, Fedora advisories) indicate fixes in ...
CVE-2009-2281
MapServer is vulnerable to a heap-based buffer overflow in readPostBody of cgiutil.c. The issue affects MapServer 4.x up to 4.10.4 and 5.x up to 5.4.1 (before 5.4.2), due to an integer overflow that can be triggered by a crafted Content-Length header or a large HTTP request. This results in arbit...
CVE-2009-0842
MapServer is affected by CVE-2009-0842 due to a lack of file type verification when parsing a map file, which can disclose content from arbitrary files via error messages when a full path is provided in the map parameter. Impact is partial disclosure of file contents, as described in Debian secur...
CVE-2011-2704
MapServer has a stack-based buffer overflow in its OGC filter encoding handling, affecting versions before 4.10.7 (and 5.x before 5.6.7). This allows remote code execution via OGC filter vectors. Remediation: upgrade to 4.10.7+ or 5.6.7+. The provided sources do not include explicit exploitation ...
CVE-2013-7262
CVE-2013-7262 affects MapServer before 6.4.1, in the msPostGISLayerSetTimeFilter function (mappostgis.c). When using a WMS-Time service, a crafted PostGIS TIME filter can lead to remote SQL command execution, exposing SQL injection risk with partial confidentiality/in...
CVE-2010-2539
CVE-2010-2539 concerns MapServer’s mapserv component. A buffer overflow in the msTmpFile function (maputil.c) allows local users to cause a denial of service via temporary-file name handling. Affected products are MapServer releases before 4.10.6 and 5.x before 5.6.4. The issue stems from overrun...
CVE-2011-2703
CVE-2011-2703 describes multiple SQL injection vulnerabilities in MapServer prior to 4.10.7, 5.x prior to 5.6.7, and 6.x prior to 6.0.1. Attack vectors relate to OGC filter encoding and WMS time support, enabling remote attackers to execute arbitrary SQL commands. Impact is partial confidentialit...
CVE-2009-1176
MapServer's mapserv binary (MapServer 4.x before 4.10.4 and 5.x before 5.2.2) is affected by a vulnerability in the handling of the id parameter in query actions: the string holding the id parameter may not end with a null terminator, enabling a remote attacker to trigger a buffer overflow or rel...
CVE-2009-1177
CVE-2009-1177 affects MapServer’s mapserv, specifically MapServer 4.x before 4.10.4 and 5.x before 5.2.2. The flaw resides in maptemplate.c and is described as multiple stack-based buffer overflows, with unknown impact and remote attack vectors. The Red Hat CVE entry corroborates this description...
CVE-2011-2975
The CVE-2011-2975 entry concerns MapServer prior to 6.0.1, where a double free in mapsymbol.c:msAddImageSymbol can be triggered by crafted mapfile data, potentially causing a denial of service (application crash) and unspecified impact. The issue is rooted in a memory-management flaw in the funct...