4 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de cruce de directorios en upload.dll de BadBlue 2.72b y anteriores. Permite que atacantes remotos creen o sobreescriban ficheros a su elección, utilizando .. (punto punto) en el parámetro filename. • https://www.exploit-db.com/exploits/4715 http://aluigi.altervista.org/adv/badblue-adv.txt http://aluigi.org/testz/myhttpup.zip http://osvdb.org/42417 http://secunia.com/advisories/28031 http://securityreason.com/securityalert/3448 http://www.securityfocus.com/archive/1/484834/100/0/threaded http://www.securityfocus.com/bid/26803 http://www.vupen.com/english/advisories/2007/4160 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message. BadBlue 2.72b y anteriores permiten que atacantes remotos obtengan información sensible a través de un parámetro browse inválido, que revela el directorio de instalación en un mensaje de error. • https://www.exploit-db.com/exploits/4715 http://aluigi.altervista.org/adv/badblue-adv.txt http://osvdb.org/42418 http://secunia.com/advisories/28031 http://securityreason.com/securityalert/3448 http://www.securityfocus.com/archive/1/484834/100/0/threaded http://www.securityfocus.com/bid/26803 http://www.vupen.com/english/advisories/2007/4160 • CWE-16: Configuration •

CVSS: 7.5EPSS: 93%CPEs: 1EXPL: 6

Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string. Desbordamiento de buffer relacionado con la pila en la funcionalidad PassThru en ext.dll de BadBlue 2.72b y anteriores. Permite que atacantes remotos ejecuten código a su elección utilizando una cadena de petición larga. • https://www.exploit-db.com/exploits/4784 https://www.exploit-db.com/exploits/4715 https://www.exploit-db.com/exploits/16806 https://github.com/Nicoslo/Windows-exploitation-BadBlue-2.7-CVE-2007-6377 http://aluigi.altervista.org/adv/badblue-adv.txt http://aluigi.altervista.org/poc/badbluebof.txt http://osvdb.org/42416 http://secunia.com/advisories/28031 http://securityreason.com/securityalert/3448 http://www.securityfocus.com/archive/1/484834/100/0/threaded http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 7%CPEs: 1EXPL: 4

BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address. • https://www.exploit-db.com/exploits/419 http://marc.info/?l=bugtraq&m=109309119502208&w=2 http://secunia.com/advisories/12346 http://www.gulftech.org/?node=research&article_id=00043-08202004 http://www.securityfocus.com/bid/10983 https://exchange.xforce.ibmcloud.com/vulnerabilities/17064 •