CVSS: 9.8EPSS: 81%CPEs: 1EXPL: 6CVE-2007-6377 – BadBlue 2.72 - PassThru Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6377
15 Dec 2007 — Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string. Desbordamiento de buffer relacionado con la pila en la funcionalidad PassThru en ext.dll de BadBlue 2.72b y anteriores. Permite que atacantes remotos ejecuten código a su elección utilizando una cadena de petición larga. • https://www.exploit-db.com/exploits/4784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 3CVE-2007-6378 – BadBlue 2.72b - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6378
15 Dec 2007 — Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de cruce de directorios en upload.dll de BadBlue 2.72b y anteriores. Permite que atacantes remotos creen o sobreescriban ficheros a su elección, utilizando .. (punto punto) en el parámetro filename. • https://www.exploit-db.com/exploits/4715 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 8%CPEs: 1EXPL: 2CVE-2007-6379 – BadBlue 2.72b - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6379
15 Dec 2007 — BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message. BadBlue 2.72b y anteriores permiten que atacantes remotos obtengan información sensible a través de un parámetro browse inválido, que revela el directorio de instalación en un mensaje de error. • https://www.exploit-db.com/exploits/4715 • CWE-16: Configuration •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2003-0332 – Working Resources BadBlue 1.7.x/2.x - Unauthorized HTS Access
https://notcve.org/view.php?id=CVE-2003-0332
22 May 2003 — The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension. La extendisón ISAPI en BadBlue 1.7 hasta 2.2, y posiblemente versiones anteriores, modifica las dos primeras letras de la extensión de un archivo después de realizar comprobaciones de seguridad, lo que permite que atacante... • https://www.exploit-db.com/exploits/22620 •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1541
https://notcve.org/view.php?id=CVE-2002-1541
31 Mar 2003 — BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash). BadBlue 1.7 permiten a atacantes remotos eludir las protecciones de contraseñas en directorios y ficheros mediante una petición HTTP que contiene un caracter / (slash). • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0041.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2002-2289
https://notcve.org/view.php?id=CVE-2002-2289
31 Dec 2002 — soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords. • http://online.securityfocus.com/archive/1/300992 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 2CVE-2002-1021 – Working Resources 1.7.3 BadBlue - Null Byte File Disclosure
https://notcve.org/view.php?id=CVE-2002-1021
31 Aug 2002 — BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte. • https://www.exploit-db.com/exploits/21616 •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 1CVE-2002-1022
https://notcve.org/view.php?id=CVE-2002-1022
31 Aug 2002 — BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges. • http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 2CVE-2002-1023 – Working Resources BadBlue 1.7.3 - GET Denial of Service
https://notcve.org/view.php?id=CVE-2002-1023
31 Aug 2002 — BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI. • https://www.exploit-db.com/exploits/21600 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0800
https://notcve.org/view.php?id=CVE-2002-0800
26 Jul 2002 — BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0003.html •