CVSS: 9.8EPSS: 81%CPEs: 1EXPL: 6CVE-2007-6377 – BadBlue 2.72 - PassThru Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6377
15 Dec 2007 — Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string. Desbordamiento de buffer relacionado con la pila en la funcionalidad PassThru en ext.dll de BadBlue 2.72b y anteriores. Permite que atacantes remotos ejecuten código a su elección utilizando una cadena de petición larga. • https://www.exploit-db.com/exploits/4784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 3CVE-2007-6378 – BadBlue 2.72b - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6378
15 Dec 2007 — Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de cruce de directorios en upload.dll de BadBlue 2.72b y anteriores. Permite que atacantes remotos creen o sobreescriban ficheros a su elección, utilizando .. (punto punto) en el parámetro filename. • https://www.exploit-db.com/exploits/4715 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 8%CPEs: 1EXPL: 2CVE-2007-6379 – BadBlue 2.72b - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6379
15 Dec 2007 — BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message. BadBlue 2.72b y anteriores permiten que atacantes remotos obtengan información sensible a través de un parámetro browse inválido, que revela el directorio de instalación en un mensaje de error. • https://www.exploit-db.com/exploits/4715 • CWE-16: Configuration •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2003-0332 – Working Resources BadBlue 1.7.x/2.x - Unauthorized HTS Access
https://notcve.org/view.php?id=CVE-2003-0332
22 May 2003 — The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension. La extendisón ISAPI en BadBlue 1.7 hasta 2.2, y posiblemente versiones anteriores, modifica las dos primeras letras de la extensión de un archivo después de realizar comprobaciones de seguridad, lo que permite que atacante... • https://www.exploit-db.com/exploits/22620 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2002-0326
https://notcve.org/view.php?id=CVE-2002-0326
03 May 2002 — Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript. • http://marc.info/?l=bugtraq&m=101474387016066&w=2 •
CVSS: 8.2EPSS: 3%CPEs: 1EXPL: 2CVE-2001-0276 – Working Resources BadBlue 1.2.7 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2001-0276
03 May 2001 — ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path. • https://www.exploit-db.com/exploits/20640 •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 2CVE-2001-0277 – Working Resources BadBlue 1.2.7 - Denial of Service
https://notcve.org/view.php?id=CVE-2001-0277
04 Apr 2001 — Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. • https://www.exploit-db.com/exploits/20641 •