CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 2CVE-2002-1685 – Working Resources BadBlue 1.7 - 'ext.dll' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1685
Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI. • https://www.exploit-db.com/exploits/21576 http://online.securityfocus.com/archive/1/281088 http://www.securityfocus.com/bid/5086 https://exchange.xforce.ibmcloud.com/vulnerabilities/9513 •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 2CVE-2002-2170 – Working Resources 1.7.x BadBlue - Administrative Interface Arbitrary File Access
https://notcve.org/view.php?id=CVE-2002-2170
Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared. • https://www.exploit-db.com/exploits/21630 http://online.securityfocus.com/archive/1/283418 http://www.iss.net/security_center/static/9642.php http://www.securityfocus.com/bid/5276 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0800
https://notcve.org/view.php?id=CVE-2002-0800
BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0003.html http://www.iss.net/security_center/static/9239.php http://www.securityfocus.com/bid/4912 •