📦

gopher

Vendor: university_of_minnesota

Actively Exploited 0 CISA KEV List

PoC / Exploits 2 Code Available

Total RCEs 2 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 23.40% Exploit Prob.

Latest CVE CVE-2019-9738 Mar 13

Security Vulnerability Index

Page 1 / 1

6.1 CVSS

CVE-2019-9738

jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.

EPSS: 0.24%

Severity: MEDIUM

Mar 13, 2019

7.5 CVSS

CVE-2005-2772

RCE Exploit Found

Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function.

EPSS: 33.13%

Severity: HIGH

Sep 02, 2005

7.2 CVSS

CVE-2005-1853

gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges.

EPSS: 0.05%

Severity: HIGH

Aug 03, 2005

7.5 CVSS

CVE-2002-0371

RCE Exploit Found

Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.

EPSS: 60.19%

Severity: HIGH

Jul 03, 2002

Displaying 4 of 3 Total Entries

Total 1 Sections