CVE-2007-6378 – BadBlue 2.72b - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6378
Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter.
References:
• https://www.exploit-db.com/exploits/4715
• http://aluigi.altervista.org/adv/badblue-adv.txt
• http://aluigi.org/testz/myhttpup.zip
• http://osvdb.org/42417
• http://secunia.com/advisories/28031
• http://securityreason.com/securityalert/3448
• http://www.securityfocus.com/archive/1/484834/100/0/threaded
• http://www.securityfocus.com/bid/26803
• http://www.vupen.com/english/advisories/2007/4160
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-6379 – BadBlue 2.72b - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6379
BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message.
References:
• https://www.exploit-db.com/exploits/4715
• http://aluigi.altervista.org/adv/badblue-adv.txt
• http://osvdb.org/42418
• http://secunia.com/advisories/28031
• http://securityreason.com/securityalert/3448
• http://www.securityfocus.com/archive/1/484834/100/0/threaded
• http://www.securityfocus.com/bid/26803
• http://www.vupen.com/english/advisories/2007/4160
CWE-16: Configuration
CVE-2007-6377 – BadBlue 2.72 - PassThru Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6377
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.
References:
• https://www.exploit-db.com/exploits/4784
• https://www.exploit-db.com/exploits/4715
• https://www.exploit-db.com/exploits/16806
• https://github.com/Nicoslo/Windows-exploitation-BadBlue-2.7-CVE-2007-6377
• http://aluigi.altervista.org/adv/badblue-adv.txt
• http://aluigi.altervista.org/poc/badbluebof.txt
• http://osvdb.org/42416
• http://secunia.com/advisories/28031
• http://securityreason.com/securityalert/3448
• http://www.securityfocus.com/archive/1/484834/100/0/threaded
• http://www.
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2004-2374 – Working Resources BadBlue Server 2.40 - 'PHPtest.php' Full Path Disclosure
https://notcve.org/view.php?id=CVE-2004-2374
BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML.
References:
• https://www.exploit-db.com/exploits/23753
• http://www.securityfocus.com/archive/1/355109
• http://www.securityfocus.com/bid/9737
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15311