CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2002-2289
https://notcve.org/view.php?id=CVE-2002-2289
31 Dec 2002 — soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords. • http://online.securityfocus.com/archive/1/300992 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 2CVE-2002-1021 – Working Resources 1.7.3 BadBlue - Null Byte File Disclosure
https://notcve.org/view.php?id=CVE-2002-1021
31 Aug 2002 — BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte. • https://www.exploit-db.com/exploits/21616 •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 1CVE-2002-1022
https://notcve.org/view.php?id=CVE-2002-1022
31 Aug 2002 — BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges. • http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 2CVE-2002-1023 – Working Resources BadBlue 1.7.3 - GET Denial of Service
https://notcve.org/view.php?id=CVE-2002-1023
31 Aug 2002 — BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI. • https://www.exploit-db.com/exploits/21600 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0800
https://notcve.org/view.php?id=CVE-2002-0800
26 Jul 2002 — BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0003.html •
CVSS: 7.5EPSS: 6%CPEs: 2EXPL: 3CVE-2002-0325 – Working Resources BadBlue 1.5/1.6 - Directory Traversal
https://notcve.org/view.php?id=CVE-2002-0325
03 May 2002 — Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the URL. • https://www.exploit-db.com/exploits/21303 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2002-0326
https://notcve.org/view.php?id=CVE-2002-0326
03 May 2002 — Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript. • http://marc.info/?l=bugtraq&m=101474387016066&w=2 •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2001-1140
https://notcve.org/view.php?id=CVE-2001-1140
22 Aug 2001 — BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request. • http://www.securityfocus.com/archive/1/209545 •
CVSS: 8.2EPSS: 3%CPEs: 1EXPL: 2CVE-2001-0276 – Working Resources BadBlue 1.2.7 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2001-0276
03 May 2001 — ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path. • https://www.exploit-db.com/exploits/20640 •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 2CVE-2001-0277 – Working Resources BadBlue 1.2.7 - Denial of Service
https://notcve.org/view.php?id=CVE-2001-0277
04 Apr 2001 — Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. • https://www.exploit-db.com/exploits/20641 •