Vulnerabilities > UMN > Mapserver > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-01-05 CVE-2013-7262 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
network
osgeo umn CWE-89
6.8
2011-08-01 CVE-2011-2975 Resource Management Errors vulnerability in multiple products
Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.
network
osgeo umn CWE-399
6.8
2009-03-31 CVE-2009-0842 Information Exposure vulnerability in multiple products
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.
network
osgeo umn CWE-200
4.3