Vulnerabilities > Stephen Turner > Analog

DATE CVE VULNERABILITY TITLE RISK
2002-10-11 CVE-2002-1154 Denial-Of-Service vulnerability in Analog
anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.
network
low complexity
stephen-turner
5.0
2002-04-22 CVE-2002-0166 Unspecified vulnerability in Stephen Turner Analog
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
network
low complexity
stephen-turner
7.5
2001-05-03 CVE-2001-0301 Unspecified vulnerability in Stephen Turner Analog
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.
network
low complexity
stephen-turner
critical
10.0
1999-12-31 CVE-1999-1287 Unspecified vulnerability in Stephen Turner Analog
Vulnerability in Analog 3.0 and earlier allows remote attackers to read arbitrary files via the forms interface.
network
low complexity
stephen-turner
5.0