Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
badblue vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-2170
Working Resources Inc. BadBlue Enterprise Edition 1.7 up to and including 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote malicious users to execute arbitrary code via a web p...
Working Resources Inc. Badblue Enterprise 1.7
Working Resources Inc. Badblue Enterprise 1.7.2
Working Resources Inc. Badblue Enterprise 1.7.3
Working Resources Inc. Badblue Enterprise 1.7.4
1 EDB exploit
NA
CVE-2002-2289
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote malicious users to gain sensitive information including ODBC passwords.
Working Resources Inc. Badblue 1.7.1
NA
CVE-2002-1684
Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote malicious users to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents.
Deerfield D2gfx 1.0.2
Working Resources Inc. Badblue Enterprise 1.5
Working Resources Inc. Badblue Personal 1.5.6 Beta
NA
CVE-2002-1685
Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote malicious users to execute arbitrary script as other users by injecting script into ext.dll ISAPI.
Working Resources Inc. Badblue Enterprise 1.7.2
Working Resources Inc. Badblue Personal 1.7
Working Resources Inc. Badblue Personal 1.7.2
1 EDB exploit
NA
CVE-2002-1973
Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote malicious users to cause a denia...
Working Resources Inc. Badblue Personal 1.7.3
Microsoft Foundation Class Library 7.0
1 EDB exploit
NA
CVE-2002-1683
Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote malicious users to execute arbitrary script as other users by injecting script into the cleanSearchString() function.
Working Resources Inc. Badblue Personal 1.7.3
1 EDB exploit
NA
CVE-2002-1021
BadBlue server allows remote malicious users to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte.
Working Resources Inc. Badblue 1.7.3 Enterprise
Working Resources Inc. Badblue 1.7.3 Personal
1 EDB exploit
NA
CVE-2002-1022
BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote malicious users to gain privileges.
Working Resources Inc. Badblue 1.7.3 Enterprise
Working Resources Inc. Badblue 1.7.3 Personal
NA
CVE-2002-1023
BadBlue server allows remote malicious users to cause a denial of service (crash) via an HTTP GET request without a URI.
Working Resources Inc. Badblue 1.7.3 Personal
Working Resources Inc. Badblue 1.7.3 Enterprise
1 EDB exploit
NA
CVE-2002-0800
BadBlue 1.7.0 allows remote malicious users to list the contents of directories via a URL with an encoded '%' character at the end.
Working Resources Inc. Badblue 1.7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »