
CVSS: 9.8 | EPSS: 81% | CPEs: 1 | EXPL: 6

15 Dec 2007 — Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string. • https://www.exploit-db.com/exploits/4784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 | EPSS: 8% | CPEs: 1 | EXPL: 3

15 Dec 2007 — Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter. • https://www.exploit-db.com/exploits/4715 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.3 | EPSS: 8% | CPEs: 1 | EXPL: 2

15 Dec 2007 — BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message. • https://www.exploit-db.com/exploits/4715 • CWE-16: Configuration

CVSS: 9.8 | EPSS: 2% | CPEs: 1 | EXPL: 2

22 May 2003 — The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension. • https://www.exploit-db.com/exploits/22620

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

31 Mar 2003 — BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash). • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0041.html

CVSS: 6.1 | EPSS: 0% | CPEs: 3 | EXPL: 2

31 Dec 2002 — Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI. • https://www.exploit-db.com/exploits/21576

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Jul 2002 — BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0003.html