CVE-2018-21027
https://notcve.org/view.php?id=CVE-2018-21027
Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.
• https://github.com/gpg/boa/pull/1
• https://github.com/gpg/boa/pull/1/commits/e139b87835994d007fbd64eead6c1455d7b8cf4e
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-9833 – BOA Web Server 0.94.14rc21 - Arbitrary File Access
https://notcve.org/view.php?id=CVE-2017-9833
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable. BOA Web Server version 0.94.14rc21 contains an arbitrary file access vulnerability.
• https://www.exploit-db.com/exploits/42290
• https://github.com/anldori/CVE-2017-9833
• https://pastebin.com/raw/rt7LJvyF
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-9564
https://notcve.org/view.php?id=CVE-2016-9564
Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to cause a denial of service (DoS) via an HTTP GET request for a long URI consisting only of '/' and '.' characters.
• http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r
• http://www.securityfocus.com/bid/94599
• CWE-20: Improper Input Validation
CVE-2009-4496 – BOA Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection
https://notcve.org/view.php?id=CVE-2009-4496
Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities.
• https://www.exploit-db.com/exploits/33504
• http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041271.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041274.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041285.html
• http://secunia.com/advisories/39775
• http://www.securityfocus.com/archive/1/508830/100/0/threaded
• http://www.securityfocus.com/bid/37718
• http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
• http://www.vupen
• CWE-20: Improper Input Validation
CVE-2007-4915 – Boa 0.93.15 - Administrator Password Overwrite Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-4915
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request. The Intersil extension in the Boa HTTP Server 0.93.x - 0.94.11 allows basic authentication bypass when the user string is greater than 127 bytes long. The long string causes the password to be overwritten in memory, which enables the attacker to reset the password. In addition, the malicious attempt may also cause a denial-of-service condition.
• https://www.exploit-db.com/exploits/30584
• https://www.exploit-db.com/exploits/4542
• http://securityreason.com/securityalert/3151
• http://www.gnucitizen.org/projects/router-hacking-challenge
• http://www.ikkisoft.com/stuff/SN-2007-02.txt
• http://www.securenetwork.it/ricerca/advisory/download/SN-2007-02.txt
• http://www.securityfocus.com/archive/1/479434/100/0/threaded
• http://www.securityfocus.com/archive/1/489009/100/0/threaded
• http://www.securityfocus.com/bid/25676
• CWE-20: Improper Input Validation