
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Feb 2025 — BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution. • https://vulncheck.com/advisories/big-ant-upload-rce • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Apr 2022 — BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue. • http://bigant.com • CWE-311: Missing Encryption of Sensitive Data • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Mar 2022 — BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. • http://bigant.com • CWE-306: Missing Authentication for Critical Function

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Mar 2022 — BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. • http://bigant.com • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Mar 2022 — An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). • http://bigant.com • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Mar 2022 — BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. • http://bigant.com • CWE-916: Use of Password Hash With Insufficient Computational Effort

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Mar 2022 — BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. • http://bigant.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Mar 2022 — BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). • http://bigant.com • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 • EPSS: 5% • CPEs: 1 • EXPL: 1

21 Mar 2022 — BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. • http://bigant.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Feb 2013 — SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request. • http://www.kb.cert.org/vuls/id/990652 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')