CVSS: 9.8EPSS: 81%CPEs: 1EXPL: 6CVE-2007-6377 – BadBlue 2.72 - PassThru Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6377
15 Dec 2007 — Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string. Desbordamiento de buffer relacionado con la pila en la funcionalidad PassThru en ext.dll de BadBlue 2.72b y anteriores. Permite que atacantes remotos ejecuten código a su elección utilizando una cadena de petición larga. • https://www.exploit-db.com/exploits/4784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 3CVE-2007-6378 – BadBlue 2.72b - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6378
15 Dec 2007 — Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de cruce de directorios en upload.dll de BadBlue 2.72b y anteriores. Permite que atacantes remotos creen o sobreescriban ficheros a su elección, utilizando .. (punto punto) en el parámetro filename. • https://www.exploit-db.com/exploits/4715 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 8%CPEs: 1EXPL: 2CVE-2007-6379 – BadBlue 2.72b - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6379
15 Dec 2007 — BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message. BadBlue 2.72b y anteriores permiten que atacantes remotos obtengan información sensible a través de un parámetro browse inválido, que revela el directorio de instalación en un mensaje de error. • https://www.exploit-db.com/exploits/4715 • CWE-16: Configuration •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2003-0332 – Working Resources BadBlue 1.7.x/2.x - Unauthorized HTS Access
https://notcve.org/view.php?id=CVE-2003-0332
22 May 2003 — The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension. La extendisón ISAPI en BadBlue 1.7 hasta 2.2, y posiblemente versiones anteriores, modifica las dos primeras letras de la extensión de un archivo después de realizar comprobaciones de seguridad, lo que permite que atacante... • https://www.exploit-db.com/exploits/22620 •
CVSS: 9.8EPSS: 6%CPEs: 4EXPL: 2CVE-2002-2170 – Working Resources 1.7.x BadBlue - Administrative Interface Arbitrary File Access
https://notcve.org/view.php?id=CVE-2002-2170
31 Dec 2002 — Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared. • https://www.exploit-db.com/exploits/21630 •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 2CVE-2002-1021 – Working Resources 1.7.3 BadBlue - Null Byte File Disclosure
https://notcve.org/view.php?id=CVE-2002-1021
31 Aug 2002 — BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte. • https://www.exploit-db.com/exploits/21616 •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 1CVE-2002-1022
https://notcve.org/view.php?id=CVE-2002-1022
31 Aug 2002 — BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges. • http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 2CVE-2002-1023 – Working Resources BadBlue 1.7.3 - GET Denial of Service
https://notcve.org/view.php?id=CVE-2002-1023
31 Aug 2002 — BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI. • https://www.exploit-db.com/exploits/21600 •