cvebase

Working Resources Inc Badblue vulnerabilities

20 known vulnerabilities affecting working_resources_inc/badblue.

Total CVEs: 20
CISA KEV: 0
Public exploits: 13
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 7, MEDIUM 12

Vulnerabilities

CVE-2005-0595 | P3 | HIGH | CVSS 7.5 | PoC | v2.55 | 2005-05-02
Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.
nvd
CVE-2002-1973 | P3 | HIGH | CVSS 7.5 | PoC | vpersonal_1.7.3 | 2002-12-31
Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long
nvd
CVE-2003-0332 | P3 | HIGH | CVSS 7.6 | PoC | ≤ 2.2 | 2003-06-09
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.
nvd
CVE-2001-0277 | P3 | CRITICAL | CVSS 10.0 | PoC | v1.2.7 | 2001-05-03
Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.
nvd
CVE-2002-2170 | P3 | HIGH | CVSS 7.5 | PoC | venterprise_1.7, venterprise_1.7.2 +2 more | 2002-12-31
Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entir
nvd
CVE-2002-0325 | P4 | MEDIUM | CVSS 5.0 | PoC | v1.5.6_beta, v1.6_beta | 2002-06-25
Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the URL.
nvd
CVE-2002-1685 | P4 | MEDIUM | CVSS 4.3 | PoC | venterprise_1.7.2, vpersonal_1.7 +1 more | 2002-12-31
Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI.
nvd
CVE-2002-1021 | P4 | MEDIUM | CVSS 5.0 | PoC | v1.7.3_enterprise, v1.7.3_personal | 2002-10-04
BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte.
nvd
CVE-2002-1683 | P4 | MEDIUM | CVSS 4.3 | PoC | vpersonal_1.7.3 | 2002-12-31
Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function.
nvd
CVE-2002-1023 | P4 | MEDIUM | CVSS 5.0 | PoC | v1.7.3_enterprise, v1.7.3_personal | 2002-10-04
BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI.
nvd
CVE-2004-1727 | P4 | MEDIUM | CVSS 5.0 | PoC | v2.50 | 2004-08-20
BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.
nvd
CVE-2004-2374 | P4 | MEDIUM | CVSS 5.0 | PoC | v2.40 | 2004-12-31
BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML.
nvd
CVE-2001-0276 | P4 | MEDIUM | CVSS 6.4 | PoC | v1.2.7 | 2001-05-03
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path.
nvd
CVE-2002-1541 | P4 | HIGH | CVSS 7.5 | v1.7.0 | 2003-03-31
BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash).
nvd
CVE-2002-1022 | P4 | HIGH | CVSS 7.5 | v1.7.3_enterprise, v1.7.3_personal | 2002-10-04
BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges.
nvd
CVE-2002-1684 | P4 | MEDIUM | CVSS 5.0 | venterprise_1.5, vpersonal_1.5.6_beta | 2002-12-31
Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents.
nvd
CVE-2002-0326 | P4 | HIGH | CVSS 7.5 | v1.2.7, v1.2.8 +3 more | 2002-06-25
Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript.
nvd
CVE-2001-1140 | P4 | MEDIUM | CVSS 5.0 | v1.02_beta | 2001-08-22
BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request.
nvd
CVE-2002-0800 | P4 | MEDIUM | CVSS 5.0 | v1.7.0 | 2002-08-12
BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.
nvd
CVE-2002-2289 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | v1.7.1 | 2002-12-31
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.
nvd