Vulnerabilities > Esri

DATE CVE VULNERABILITY TITLE RISK
2014-08-22 CVE-2014-5122 Open Redirection vulnerability in Esri Arcgis for Server 10.1.1
Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login.
network
esri
5.8
2014-08-22 CVE-2014-5121 Cross-Site Scripting vulnerability in Esri Arcgis for Server 10.1.1
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
network
esri CWE-79
4.3
2013-12-30 CVE-2013-7232 SQL Injection vulnerability in Esri Arcgis
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service.
network
low complexity
esri CWE-89
7.5
2013-12-30 CVE-2013-7231 Cross-Site Scripting vulnerability in Esri Arcgis 10.1/10.2
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
network
esri CWE-79
3.5
2013-12-30 CVE-2013-5222 Cross-Site Scripting vulnerability in Esri Arcgis 10.1
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
esri CWE-79
3.5
2013-09-24 CVE-2013-5221 Improper Input Validation vulnerability in Esri Arcgis 10.1/10.2
The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.
network
esri CWE-20
3.5
2012-11-14 CVE-2012-4949 SQL Injection vulnerability in Esri Arcgis 10.1
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
network
low complexity
esri CWE-89
6.5
2012-07-12 CVE-2012-1661 Code Injection vulnerability in Esri Arcgis and Arcmap
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.
network
esri CWE-94
critical
9.3
2007-08-15 CVE-2007-4278 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Esri Arcgis
Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call.
network
low complexity
esri CWE-119
7.5
2007-03-30 CVE-2007-1770 Stack Buffer Overflow vulnerability in ESRI ArcSDE Server
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.
network
low complexity
esri
critical
10.0