4 results (0.009 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378. BadBlue 2.72 Personal Edition almacena múltiples programas en el raíz de un documento web con insuficientes controles de acceso, lo cual permite a atacantes remotos (1) provocar una denegación de servicio a través de invocaciones múltiples de uninst.exe, y tiene un impacto desconocido a través de (2) badblue.exe y (3) dyndns.exe. NOTA: esto puede ser utilizado para ejecuciones de código remoto de su elección en relación con CVE-2007-6378. • http://securityreason.com/securityalert/3832 http://www.securityfocus.com/archive/1/491282/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/42090 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de cruce de directorios en upload.dll de BadBlue 2.72b y anteriores. Permite que atacantes remotos creen o sobreescriban ficheros a su elección, utilizando .. (punto punto) en el parámetro filename. • https://www.exploit-db.com/exploits/4715 http://aluigi.altervista.org/adv/badblue-adv.txt http://aluigi.org/testz/myhttpup.zip http://osvdb.org/42417 http://secunia.com/advisories/28031 http://securityreason.com/securityalert/3448 http://www.securityfocus.com/archive/1/484834/100/0/threaded http://www.securityfocus.com/bid/26803 http://www.vupen.com/english/advisories/2007/4160 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message. BadBlue 2.72b y anteriores permiten que atacantes remotos obtengan información sensible a través de un parámetro browse inválido, que revela el directorio de instalación en un mensaje de error. • https://www.exploit-db.com/exploits/4715 http://aluigi.altervista.org/adv/badblue-adv.txt http://osvdb.org/42418 http://secunia.com/advisories/28031 http://securityreason.com/securityalert/3448 http://www.securityfocus.com/archive/1/484834/100/0/threaded http://www.securityfocus.com/bid/26803 http://www.vupen.com/english/advisories/2007/4160 • CWE-16: Configuration •

CVSS: 7.5EPSS: 93%CPEs: 1EXPL: 6

Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string. Desbordamiento de buffer relacionado con la pila en la funcionalidad PassThru en ext.dll de BadBlue 2.72b y anteriores. Permite que atacantes remotos ejecuten código a su elección utilizando una cadena de petición larga. • https://www.exploit-db.com/exploits/4784 https://www.exploit-db.com/exploits/4715 https://www.exploit-db.com/exploits/16806 https://github.com/Nicoslo/Windows-exploitation-BadBlue-2.7-CVE-2007-6377 http://aluigi.altervista.org/adv/badblue-adv.txt http://aluigi.altervista.org/poc/badbluebof.txt http://osvdb.org/42416 http://secunia.com/advisories/28031 http://securityreason.com/securityalert/3448 http://www.securityfocus.com/archive/1/484834/100/0/threaded http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •