CVSS: 9.8EPSS: 81%CPEs: 1EXPL: 6CVE-2007-6377 – BadBlue 2.72 - PassThru Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6377
15 Dec 2007 — Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string. Desbordamiento de buffer relacionado con la pila en la funcionalidad PassThru en ext.dll de BadBlue 2.72b y anteriores. Permite que atacantes remotos ejecuten código a su elección utilizando una cadena de petición larga. • https://www.exploit-db.com/exploits/4784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 3CVE-2007-6378 – BadBlue 2.72b - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6378
15 Dec 2007 — Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de cruce de directorios en upload.dll de BadBlue 2.72b y anteriores. Permite que atacantes remotos creen o sobreescriban ficheros a su elección, utilizando .. (punto punto) en el parámetro filename. • https://www.exploit-db.com/exploits/4715 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 8%CPEs: 1EXPL: 2CVE-2007-6379 – BadBlue 2.72b - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6379
15 Dec 2007 — BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message. BadBlue 2.72b y anteriores permiten que atacantes remotos obtengan información sensible a través de un parámetro browse inválido, que revela el directorio de instalación en un mensaje de error. • https://www.exploit-db.com/exploits/4715 • CWE-16: Configuration •
CVSS: 5.3EPSS: 3%CPEs: 1EXPL: 3CVE-2004-2374 – Working Resources BadBlue Server 2.40 - 'PHPtest.php' Full Path Disclosure
https://notcve.org/view.php?id=CVE-2004-2374
31 Dec 2004 — BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML. • https://www.exploit-db.com/exploits/23753 •