CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0364 – BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE
https://notcve.org/view.php?id=CVE-2025-0364
04 Feb 2025 — BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution. • https://vulncheck.com/advisories/big-ant-upload-rce • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 4CVE-2009-4661 – BigAnt Server 2.50 SP1 - '.zip' Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-4661
03 Mar 2010 — Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item. Múltiples desbordamientos de búfer en BigAnt Server 2.50 SP6 y versiones anteriores permiten a atacantes remotos asistidos por el usuario provocar una denegación de servicio (caída de la aplicación) mediante un fichero XIP manipulado que no... • https://www.exploit-db.com/exploits/9695 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •